US-CERT Says Java Too Dangerous, Uninstall Now

In a security advisory, the United States Computer Emergency Readiness Team (US-CERT) recommends that, because of a recent vulnerability in the Java Runtime Environment, computer users disable the Java Client completely in their web browsers.

Kaspersky Lab has been seeing increased use of the exploit, and it is being included in more exploit kits to spread malware. In an update on Thursday, they reported:

"Well, the cat is out of the bag. Not only was the 0day circulating in the more prevalent exploit kits like Blackhole, Nuclear, and Red Kit, but now everyone is armed with the Metasploit version. On that note, here is a bit more data... The filenames of the exploit as it was originally released and subsequently prevented by our AEP on December 17th (Moscow time) included ewjvaiwebvhtuai124a.class, hw.class, and test.class. This is interesting because previous Java exploits in Blackhole simply distributed mac.class, hw.class and test.class in their jar archives. So it was a simple switch, perhaps intended to fly under the radar. Perhaps it is interesting that the first known victim system executing the exploit retrieved the malcode with a Firefox browser, demonstrating the robustness of Java exploits. Also, in December 2012, the 0day was used to distribute TDSS and ZeroAccess malware."

While this does seem an appropriate response to protect oneself against the threat, Mat Honan from the ISC Storm Center issued this statement concerning the "Just Uninstall It" approach:

"It seems each time a zero day exploit is found in software, be that Java or otherwise, the industry pundits recommend that people stop using that software. New vulnerabilities will always be discovered in the software we use. If our best defense to a threat is to cause a denial-of-service on ourselves then this in the long term is a no-win strategy for us as an industry. We need to be looking at better ways to defend our systems and data, one good place to start is the 20 Critical Security Controls."

This exploit is not confined to any single browser; the first known occurrence was discovered on Firefox. There is no sure protection from the exploit, due to its polymorphic nature. It's up to you to decide on an appropriate course of action. This is not the first time that Java has been targeted by malware.