Exp/20124681-A


By ZulaZuza in Malware

Exp/20124681-A refers to a JavaScript script that is designed to exploit a known zero-day vulnerability in the Java Runtime Environment 1.7, also known as Java 7. This vulnerability has resulted in several attacks that may involve the Black Hole Exploit Kit as well as nasty backdoor Trojans. The payload involved in these attacks seems to result in infections that may compromise the victim's online banking credentials as well as other private information. PC security researchers strongly advise disabling Java unless it is essential and avoiding potentially unsafe websites. Your security software should also be kept updated so that it will detect threats that exploit this recent Java vulnerability using the Exp/20124681-A script.

Exp/20124681-A and the CVE-2012-4681 Java Vulnerability

Less than a day passed between this zero-day vulnerability in Java going public and criminals using Exp/20124681-A to attack computer users. Malware analysts have uncovered attacks using the Exp/20124681-A exploit in previous threat packs involving the BlackHole Exploit Kit. By using this vulnerability along with known vulnerabilities in previous Java versions (such as CVE-2012-1723), criminals hope to use this third-party platform to attack a wide range of computers. In fact, these kinds of vulnerabilities may expose computers running the Mac OS X operating system to infection, because Java is a platform used on both Windows and Apple computers. However, it seems that the Exp/20124681-A exploit may not attack all Mac OS X computers, since the official Java version on computers straight from the manufacturer is Java 6. Unfortunately, many Mac OS X users have downloaded Java 7 from Java's developer, meaning that a large number of Mac OS X computers may also be at risk. For now, it seems that Exp/20124681-A may attack computers with the Mac OS X operating system and Java 7, but that criminals are still using this exploit to distribute threats designed for Windows computers. However, it is almost certain that this may change in the future.

Preventing Exp/20124681-A Attacks

Two basic steps that you can take to prevent Exp/20124681-A attacks are disabling Java completely or downgrading your Java version to Java 6. If you require Java for online banking, it is a common rule that your online banking should take place in a different browser from your normal Internet activity. Simply make sure that Java is disabled or downgraded in the Web browser that you use to interact with Web pages in order to prevent an Exp/20124681-A attack.
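Before applying either step, it helps to know which machines actually run Java 7. The following is an added example, not part of the original article: it parses collected `java -version` banners and flags hosts on Java 7. The host names and banner text are constructed sample data, and the function names are hypothetical.

```python
import re

# First line of `java -version` output, e.g.  java version "1.7.0_06"
BANNER = re.compile(r'^(?:java|openjdk) version "([^"]+)"', re.MULTILINE)

def java_major(banner):
    """Return the Java major version from a `java -version` banner, or None."""
    m = BANNER.search(banner)
    if not m:
        return None
    parts = re.split(r"[._-]", m.group(1))
    try:
        first = int(parts[0])
        # Legacy numbering: "1.7.0_06" means Java 7, "1.6.0_33" means Java 6.
        return int(parts[1]) if first == 1 and len(parts) > 1 else first
    except ValueError:
        return None

def classify(banner):
    major = java_major(banner)
    if major is None:
        return "no-java-detected"
    if major == 7:
        return "java7-exposed"  # the version the article says the exploit targets
    # Only means "not Java 7"; the article notes that earlier versions have
    # their own known vulnerabilities (such as CVE-2012-1723).
    return "not-java7"

def audit(inventory):
    """Return (host -> classification, sorted list of hosts running Java 7)."""
    results = {host: classify(text) for host, text in inventory.items()}
    flagged = sorted(h for h, r in results.items() if r == "java7-exposed")
    return results, flagged

# Constructed sample inventory: host name -> captured `java -version` output.
SAMPLE = {
    "win-desk-01": 'java version "1.7.0_06"\n'
                   "Java(TM) SE Runtime Environment (build 1.7.0_06-b24)\n",
    "mac-stock-01": 'java version "1.6.0_33"\n'
                    "Java(TM) SE Runtime Environment (build 1.6.0_33-b03)\n",
    "mac-dev-02": 'java version "1.7.0_04"\n'
                  "Java(TM) SE Runtime Environment (build 1.7.0_04-b21)\n",
    "kiosk-03": "sh: java: command not found\n",
}

if __name__ == "__main__":
    results, flagged = audit(SAMPLE)
    for host in sorted(results):
        print(f"{host:14} {results[host]}")
    print("Disable or downgrade Java on:", ", ".join(flagged))
```

This checks only the `java` binary found on each host's path; the browser plug-in setting the article refers to still has to be verified in each browser.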


Exp/20124681-A may call the following URLs:

