The malware infection found so far is the Poison Ivy Trojan, which allows an attacker to remotely administer your computer – basically to do whatever they like…
All versions of the latest Java 7.x appear to be affected and the exploit works on all major web browsers in Windows. The next scheduled critical patch (fix) update from Oracle is not until October 16.
There appears to be no word from Oracle as to whether a fix will be rushed out any sooner – in fact I haven’t even found any acknowledgement from Oracle that the problem is being investigated. Until the vulnerability is fixed it would be safest to disable Java (or uninstall it).
Anyone with Java 7.x enabled as a plugin/add-on in their web browser is at risk.
You can easily check if Java is enabled by browsing to this website. If you see a message “Java is not detected” you should be safe – on that browser. Remember to test all web browsers that you use.
If you see a message that the Java plugin was detected then you do have Java enabled – disable it now to avoid this major security flaw.
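For the curious, here is roughly what such a detection page checks. This is an added example, not code from the original post or from the test website. It assumes the plug-in advertises MIME types of the form `application/x-java-applet;jpi-version=1.7.0_06`; the helper name `javaPluginStatus` and the sample data are made up for illustration.

```javascript
// Added example: report whether a page can see the Java plug-in, and whether it is 7.x.
// Assumption: the plug-in advertises MIME types such as
// "application/x-java-applet;jpi-version=1.7.0_06".
const JAVA_MIME = /^application\/x-java-applet(?:;(?:jpi-)?version=(\d+(?:[._]\d+)*))?$/i;

// javaPluginStatus is a hypothetical helper; `nav` is window.navigator or a stand-in.
function javaPluginStatus(nav) {
  const versions = [];
  let enabled = false;
  const mimeTypes = nav.mimeTypes || [];
  for (let i = 0; i < mimeTypes.length; i++) {
    const match = JAVA_MIME.exec(String(mimeTypes[i].type));
    if (!match) continue;
    enabled = true; // any Java applet MIME type means the plug-in is active
    if (match[1] && !versions.includes(match[1])) versions.push(match[1]);
  }
  // Browsers that do not list plug-in MIME types still answer javaEnabled().
  if (!enabled && typeof nav.javaEnabled === "function") {
    enabled = nav.javaEnabled() === true;
  }
  // affected: true = a 1.7.x plug-in is visible, false = none seen,
  // null = Java is enabled but no version was advertised, so treat it as at risk.
  let affected = false;
  if (enabled) {
    affected = versions.length === 0
      ? null
      : versions.some((v) => /^1\.7(?:[._]|$)/.test(v));
  }
  return { enabled, versions, affected };
}

// Constructed sample: what a browser with the Java 7 plug-in might expose.
const sampleNavigator = {
  mimeTypes: [
    { type: "application/pdf" },
    { type: "application/x-java-applet" },
    { type: "application/x-java-applet;version=1.6" },
    { type: "application/x-java-applet;version=1.7" },
    { type: "application/x-java-applet;jpi-version=1.7.0_06" },
  ],
  javaEnabled: () => true,
};

const report = javaPluginStatus(sampleNavigator);
console.log(report.enabled ? "Java plug-in detected" : "Java is not detected", report);
```

In a real page you would call `javaPluginStatus(navigator)`, and the result only describes the browser it runs in, so it has to be repeated in each browser you use.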
To Disable Java – I’ve previously reviewed in detail how to do this:
Is Java Still Necessary?
I’ve tried to wean people off Java before but a shocking 84% of visitors to TechLogon still have it enabled – even though I guess no more than 10% of them ever actually need or use it.
Relatively few websites still use Java – it’s mainly reserved for a few web-based games (e.g. Minecraft) and some online calculators. However, because it’s installed on the majority of computers, Java is increasingly the target of virus attacks.
You could uninstall Java (like any other program) from your computer and have done with it – the problem is that you might need it outside of the web browser, e.g. the popular LibreOffice program (a free alternative to Microsoft Office) requires that Java is installed, and you may find some other offline program you use does too.
If you know you don’t need Java, uninstall it.
If you’re not sure then it makes sense to just disable it in your web browser(s) to avoid web-based exploits like the new one today – you can always re-enable it later if you need to (after Oracle have issued a fix).