By the end of 2011, a hole was found on Rhino JavaScript, the technology which supports JavaScript to interact with Java. The hole made Oracle Java SE be able to penetrate any code segments (without right limit) though a specially prepared .jar file.

The hole exists on Oracle Java SE JDK and JRE 7 and 6 update 27 and earlier. The producer has quickly provided new version with patch for the vulnerability. However, at default mode, Java SE can only check the most updated version one time a month. This makes hackers become more excited to exploit the hole despite patch has been available for a long time.

According to Bkav Honeypot system, there are many viruses spread through this dangerous hole. Hackers build a website containing the malicious .jar file, then cheat users to access that site.

An email used to cheat users to access exploited links

Bkav recommends that if users have installed Java SE, they should rapidly update its newest version. The updating on Windows can be done as following:

- Click on Control Panel

- Click on Java icon

- On Java Control Panel window, choose Update tab

* Oracle Java SE (Java Platform Standard Edition) is an environment to run Java applications. Now, it is used widely in the world.

Bkav