# Java-Sicherheitslücke und Ransomware



## Aka-Aka (16 Januar 2013)

http://www.heise.de/security/meldung/BSI-empfiehlt-Deinstallation-von-Java-1782352.html



> Das Bundesamt für Sicherheit in der Informationstechnik (BSI) warnt vor der gefährlichen Schwachstelle in der aktuellen Java-Version, die bereits zur Verbreitung von Schädlingen missbraucht wird.


So schaut's aus...



> http://www.hotforsecurity.com/blog/police-ransomware-becomes-java-0-day-borne-5032.html
> Bitdefender has identified multiple campaigns that use the CVE-2013-0422 bug in Java to infect client machines with the notorious IcePol (also known as Reveton). Once the computer is successfully infected, the user is denied access to the desktop until payment of a ransom, which the criminals call a ‘fine’.


 
Immerhin knapp 4% der weltweit Betroffenen sind Deutsche.


----------



## Devilfrank (17 Januar 2013)

Wer Java nicht für bestimmte Programme benötigt, sollte es deinstallieren. Im Web wird es fast nirgends benötigt und ist nach wie vor unsicher, auch wenn es gestern ein Update gab.
US-CERT warnt weiterhin vor Einsatz von Java
 new-java-exploit-fetches-5000-per-buyer


----------



## Aka-Aka (17 Januar 2013)

> The US Department of Homeland Security is telling all computer users to disable Java is they have it installed on their computers. Java is a computer program and language that was once widely used but which is no longer needed by most users. Vulnerability in the program was discovered that allows hackers to take control of computers under certain conditions. According to DHS, there is no known work-around for the issue other than to uninstall the program.
> The DHS warning is highly unusual. But in this case, the threat to computer users appears to warrant government scrutiny. According to the warnings, the vulnerability in the program allows hackers to install malicious software on computers running Java when they visit specially designed HTML pages. Put another way, if you are running Java on your computer and you visit the wrong website, you could have a real problem.


http://www.guardmycreditfile.org/in...-id-theft/?goback=.gde_86774_member_205277845


----------

