More and more evidence is stacking up in favor of disabling Java inside your browser. This week, a new attack method was revealed by the “Next Generation Security Software” foundation, along with the Ernst & Young Advanced Security Center. It turns out that attackers have begun to use a new stealth tactic to gain control over your browser. Security researchers have developed a new kind of image that is combined with a malicious Java applet. When the user views the image, the Java applet silently runs and its payload is delivered as if it were coming from the host website. The combined image/Java applet is called a “Gifar”, and it can be delivered to any website that allows image uploading. The website interprets the package as a picture, so it doesn’t restrict the upload.
How can you avoid this attack?
When you are going to a website that may contain user-uploaded images, go into your browser’s “Options” settings and disable Java content.
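A site that accepts image uploads can also look for the combination on the server side. The Python check below is an added example, not part of the original post: it relies on the fact that a Java applet archive (JAR) is a ZIP file, which readers locate from the end of the file, while a GIF is recognized by its first bytes. The names `inspect_upload` and `build_sample_jar` and all sample bytes are constructed for illustration.

```python
import io
import zipfile

GIF_MAGICS = (b"GIF87a", b"GIF89a")
ZIP_EOCD = b"PK\x05\x06"  # ZIP end-of-central-directory signature

# Constructed sample: a minimal 1x1 GIF used only to exercise the check.
SAMPLE_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
              b"!\xf9\x04\x01\x00\x00\x00\x00,\x00\x00\x00\x00\x01\x00\x01\x00"
              b"\x00\x02\x02D\x01\x00;")


def build_sample_jar() -> bytes:
    """Constructed stand-in for an applet archive; the 'class' is placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("Demo.class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()


def inspect_upload(data: bytes) -> dict:
    """Flag an upload that starts as a GIF but also parses as a ZIP/JAR archive."""
    is_gif = data[:6] in GIF_MAGICS
    # The archive is found from the END of the file, so leading GIF bytes
    # do not prevent a ZIP reader from opening it.
    is_zip = ZIP_EOCD in data and zipfile.is_zipfile(io.BytesIO(data))
    names = []
    if is_zip:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            names = []  # damaged archive: still treated as a ZIP below
    java = [n for n in names if n.endswith(".class") or n.startswith("META-INF/")]
    return {"is_gif": is_gif, "is_zip": is_zip,
            "java_entries": java, "reject": is_gif and is_zip}


if __name__ == "__main__":
    for label, blob in (("plain gif", SAMPLE_GIF),
                        ("gif + jar", SAMPLE_GIF + build_sample_jar())):
        print(label, inspect_upload(blob))
```

Checking only the file extension or the leading magic bytes would accept both samples; re-encoding accepted images before storing them discards any appended archive.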
Have you seen this used? Tell us your story!