CTA: Malwarebiter.com

CTA: Unpatched Java Exploit in the Wild

URGENT: New Java Exploit being used to infect Updated Users.

ACTION: Disable Java Browser Plugin using:


As of yesterday, a new Java exploit has been developed and released to the cyber-crime community. It is currently in the wild and being used to distribute malware such as the Reveton Ransomware.

No one is safe from this exploit if you have Java enabled in your browser, it is targeting the most recent update however it will still work on previous versions.  The best thing to do is disable Java entirely from running as a plugin on your browser. To do this, follow one of the above links and follow the instructions and restart your browser. If you are using Mozilla Firefox, Java might already be disabled because it seems that some browsers are taking the initiative and just disabling it automatically because of the threat.

In addition, the malware that is being spread by the exploit is currently detected by Malwarebytes Anti-Malware, if you have the Pro version, you will be actively protected from the threats by either having the IP of the malicious exploit site blocked or the malware itself will be unable to run.  If you only have the Free version however and you are infected, please see our previous post on Ransomware removal or seek help on the Malwarebytes Forums.

We will be posting a more detailed analysis on this threat and the malware associated with it soon. Thanks for reading and stay safe!


  • http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html – Kafeine – Malware Don’t Need Coffee
  • http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware/ – Brian Krebs – Krebs On Security


Adam Kujawa

Director of Malwarebytes Labs

Over 14 years of experience fighting malware on the front lines and behind the scenes. Frequently anachronistic.