Only 9 of 22 virus scanners block Java exploit
According to an analysis conducted by the AV-Comparatives test lab on behalf of The H's associates at heise Security, less than half of the 22 anti-virus programs tested protect users against the currently circulating Java exploit that targets a highly critical vulnerability in Java version 7 Update 6.
Two versions of the exploit were tested: the basic version that was largely based on the published proof of concept and started the notepad instead of the calculator, and, for the second variant, heise Security added a download routine that writes an EXE file to disk from the internet. The test system was Windows XP that, except in the case of Avast, Microsoft and Panda, had the full versions of the security suites installed. For Avast, Microsoft and Panda, the researchers used the free versions of the products.
Only 9 of the 22 tested products managed to block both variants of the exploit (Avast Free, AVG, Avira, ESET, G Data, Kaspersky, PC Tools, Sophos and Symantec). Twelve virus scanners were found to be unsuccessful (AhnLab, Bitdefender, BullGuard, eScan, F-Secure, Fortinet, GFI-Vipre, Ikarus, McAfee, Panda Cloud Antivirus, Trend Micro and Webroot). Microsoft's free Security Essentials component at least managed to block the basic version of the exploit.
It should be pointed out that these results are based on a snapshot taken on 30 August at 1pm and don't represent the overall quality of these anti-virus programs. The tested version of Java was current at the time, and the exploit code had been in circulation for several days.
These findings demonstrate that it is unwise to base the protection of a system on a virus scanner alone. To prevent installed applications and plugins from becoming malware hideouts, these must also be kept up to date. Oracle appears to have now closed the critical Java hole with the release of Java version 7 Update 7 on Thursday evening. Those who have Java installed on their systems should update to the new version as soon as possible.
The exploit is bound to be a highly popular item in the armouries of cyber crooks for years to come because it is platform-independent and highly reliable. Just how reliable it is becomes clear when examining the statistics of an installation of the BlackHole exploit toolkit: after the integration of the exploit, the Java exploits achieved a success rate of between 75 and 99 per cent. Overall, BlackHole managed to infect every fourth computer – the usual success rate is one in ten.