Just five days after a Google researcher published information of an unpatched Java bug, a compromised song lyrics site is sending users to a Russian attack server exploiting the flaw to install malware, an antivirus firm said today.
Last Friday, Google's Tavis Ormandy posted details of the Java vulnerability to the Full Disclosure security mailing list, spelling out how attackers could run unauthorized Java programs on a victim's machine by using a feature designed to let developers distribute their software. According to Ormandy, all versions of Java for Windows since SE 6 update 10 -- which debuted two years ago -- are vulnerable. Other operating systems running Java are unaffected, he said.
Roger Thompson, chief research officer at AVG Technologies, said Songlyrics.com was unwittingly redirecting users to a Russian attack server feeding Ormandy's exploit to victims.
More: http://www.computerworld.com/s/article/9175499/
............................................................................................
Last Friday, Google's Tavis Ormandy posted details of the Java vulnerability to the Full Disclosure security mailing list, spelling out how attackers could run unauthorized Java programs on a victim's machine by using a feature designed to let developers distribute their software. According to Ormandy, all versions of Java for Windows since SE 6 update 10 -- which debuted two years ago -- are vulnerable. Other operating systems running Java are unaffected, he said.
Roger Thompson, chief research officer at AVG Technologies, said Songlyrics.com was unwittingly redirecting users to a Russian attack server feeding Ormandy's exploit to victims.
More: http://www.computerworld.com/s/article/9175499/
