The hunt is on - 0day for java 1.7u10

L6 Presenter

The hunt is on - 0day for java 1.7u10

How many hours/days will it take for:

1) Wildfire customers

2) Regular customers

to get protected by a threat-db update regarding the latest 0-day exploit for Java 1.7u10 (and possibly Java 1.6u38), as described in the following?

Malware don't need Coffee: 0 day 1.7u10 spotted in the Wild - Disable Java Plugin NOW !

http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/

http://www.cert.se/sarbarheter/sr/sr13-006-oracle-0-day-i-java

L0 Member

Re: The hunt is on - 0day for java 1.7u10

As I understand it, Wildfire won't help with the Java vuln per se, but it might help with the payloads delivered by the exploit. Wildfire only works on Windows executable files, correct?

I think it may be pretty hard to sig to the generic vulnerability for this. Most sigs are geared towards formatting idiosyncrasies found within a given exploit kit or even something as simple as the class file names for a specific version of the exploit.

L4 Transporter

Re: The hunt is on - 0day for java 1.7u10

Hello,

Wildfire cannot help you because it can only analyze EXE or DLL files...

In my opinion, only APT vendors (like FireEye, Damballa, etc.) can help you...

Regards,

HA

L7 Applicator

Re: The hunt is on - 0day for java 1.7u10

Hello,

Content version 349 was just released with the following CVEs:

CVE-2013-0422

CVE-2013-0422

CVE-2012-1530

CVE-2013-0603

CVE-2013-0604

CVE-2013-0621

CVE-2013-0622

CVE-2013-0623

CVE-2013-0626

CVE-2013-0624

The content release is referring to Java JRE and Adobe Reader vulnerabilities, and may reference the 0-day vulnerability you mentioned, but only the first of the three sites has any of the current CVEs (and it only has one) so I can't be sure.

Best,

Greg Wesson

L4 Transporter

Re: The hunt is on - 0day for java 1.7u10

Hello

Could you confirm that you are able to download 349 at this moment?

I got this email:

"Announcement: Now Available - Emergency Content Release 349
created by panagent in Palo Alto Networks Live - View the announcement
Palo Alto Networks has issued emergency release 349 in response to"

But my PA-200 is still reporting that 348 is the latest release, and when I logged in to the PA support page, I can't find the 349 release under dynamic updates either.

With regards

Slawek

L4 Transporter

Re: The hunt is on - 0day for java 1.7u10

Now I got the upgrade (but I had to check many times for new updates).

L6 Presenter

Re: The hunt is on - 0day for java 1.7u10

gwesson: Thanks! :-)

Bonus question: did Palo Alto see this coming through Wildfire?

I manually uploaded some of the .exe files found and they all got verdict malware so at least that part works.

slv: I guess we are all like vultures, so not all servers had the file yet when the email was sent out? :-)

I can see it in dynamic updates here at support.paloaltonetworks.com so in worst case you can always load it manually.

L4 Transporter

Re: The hunt is on - 0day for java 1.7u10

WildFire won't test the JAR file, but it should test the dropper EXE that the JAR file attempts to download.

L4 Transporter

Re: The hunt is on - 0day for java 1.7u10

I could be wrong, but JAR, Android and mobile app execution could be on the roadmap for future Wildfire enhancements.

L6 Presenter

Re: The hunt is on - 0day for java 1.7u10

Or at least they should be :-)

Anyone from PA who can confirm current status regarding Wildfire?
