Inquest Proves Oracle’s Java Security Patch ‘Flawed’

Though SANS Institute's Internal Storm Center (ICS) and Websense, a security firm, have produced two separate reports on Oracle's Java security patch, a latest report reveals that both identified almost the same shortcomings.

The company released the out-of-band fix last week to protect users. It was later declared a failure when hackers were seen creeping into the program and organizing phishing campaigns aimed at users of Microsoft and Amazon.

Claims then emerged that the patch contained a bug that allowed hackers to bypass and exploit the system. Following these claims, the two investigating groups looked into the matter to establish the facts.

Websense, which examined more than 10,000 emails on September 1, said that all emails with the subject “You Order with Amazon.com” asked recipients to click on a hyperlink, which took them to a Blackhole exploit kit hacking tool.

In addition, ICS says that the Microsoft Services Agreement emails carried all the information regarding “Important Changes to Microsoft Services Agreement and Communication Preferences”. These emails copied Redmond’s legitimate emails but replaced a hyperlink with a virus.

“This email campaign illustrates the ingenuity and speed at which cyber-criminals package and propagate malicious content,” said Websense.