Java is a programming language used by programmers to write computer instructions. It is a “high-level” language, meaning that programs written in it can be easily read and manipulated by humans. Just like the English language, Java has a set of rules. The rules and standards of a programming language are known as its “syntax”. Once a program is written in high-level instructions, it is translated into numeric codes to execute on a computer.
According to a recent finding by Microsoft, an unprecedented wave of Java exploitation is targeting Windows systems. According to Qualys’ survey data, Java is running on almost 80 percent of systems worldwide on a regular basis. In addition, about 40 percent of all Java installations are vulnerable to attack. This clearly indicates that the owners of these crime kits are able to target an even wider set of victims.
Java is the most common language used for various applications and platforms. Applications developed in Java are used by millions of users worldwide, on both home and office computer systems, so the attack surface is huge. While end users might be cautious when asked to open a random Office document or PDF file, many of them wouldn’t think twice about prompts from Java.
It was recently revealed that many sites with malicious URLs were exploiting Java without a single interactive prompt. Common Java malware attacks include an alert prompt for action. These alerts are mirrored ones that simply ask yes or no to proceed, and the user generally chooses yes. In this way most users simply invite a successful attack on their system through a mirrored Java interface.
Java is one of the most widely used programming languages. It comes along with browsers and document readers such as Adobe Acrobat, and people don’t think to update it. Apart from that, Java is a technology that runs in the background of an application to make more visible components work in the foreground, as Microsoft senior program manager Holly Stewart said in the MMPC blog.
The flaws in Java are the hardest to resolve, and they are patched by Oracle, which is owned by Sun Microsystems. According to Stewart, the main problem is that many people simply overlook Java when updating software unless it is needed for business operations.
One possible remedy for malware attacks on Java is to update the existing Java environment on your system. An easy way to do this is to use the automatic update feature in the Java Runtime Environment. It would be ideal if Oracle or Sun could collaborate with Microsoft to use the WSUS update process to distribute common fixes for Java. If this mechanism could be extended worldwide to all major software vendors, the Internet would become a safer place for Java-related applications.