The Neutrino crimeware kit, first uncovered in March 2013, appears to be the point of exploitation for the vulnerability, according to security analyst Timo Hirvonen of F-Secure.
The attack exploits the Java vulnerability to install ransomware on users' PCs, after which victims are coaxed into paying supposed fines through messages that cite the involvement of law enforcement agents, among other pretexts. The bug could be "exploited by malicious local users to disclose certain sensitive information, manipulate certain data, and gain escalated privileges and by malicious people to conduct spoofing attacks, disclose certain sensitive information, manipulate certain data, cause a DoS (denial of service), bypass certain security restrictions, and compromise a vulnerable system," according to Secunia.
Java 6 was officially retired in February, which is further reason the company did not make a patch available for it and instead recommends that users upgrade to Java 7. Even so, almost 48% of all Java users in the U.S. are still on Java 6, according to statistics released in March 2013.