MS "unprecedented wave" Java malware exploits

Over 6,000,000 in month .

Disable java?
No way to disable Jave in Google Chrome?


There has been an "unprecedented wave" of exploits against vulnerabilities in Oracle's Java during the third quarter of this year, according to data from the Microsoft Malware Protection Center. The software giant provided the following data to back its claims, outlining three specific vulnerabilities (all of which have patches available) that are being exploited en masse:
Over the last few years, the main focus of vulnerability protection has been steadily moving away from the OS and instead to the browser,( BAD MOVE BUT EASY ON MS, G ) and the applications that it depends on. Last year, Adobe Reader took the crown away from Microsoft Office as the software with the most vulnerabilities. Brad Arkin, Senior Director of Product Security & Privacy for Adobe Systems, announced in May 2009 that a major Adobe Reader and Acrobat security initiative was underway: code hardening, incident response process improvements, and a shift to a regular security update schedule.
SOURCE:


Risks:
Examination of "source" page above.
http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars

Combine external JavaScript (11)
Enable gzip compression (2)
Leverage browser caching (77)
Leverage proxy caching (40)
Minimize cookie size
Serve static content from a cookieless domain (8)
Specify image dimensions (1)
Web Page Performance
Optimize the order of styles and scripts (5)
Put CSS in the document head (1)
Remove unused CSS rules (776)

empty.htmlFailed to load resource
b:-1Resource interpreted as image but transferred with MIME type text/plain.
count:-
1Resource interpreted as script but transferred with MIME type application/json.
count.json:-
1Resource interpreted as script but transferred with MIME type application/json.

Unsafe JavaScript attempt to access frame with URL
 http://static.addtoany.com/menu/sm1.html#page;http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars from frame with URL
http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://www.reddit.com/static/button/button1.html?width=120&url=http%3A%2F%2Farstechnica.com%2Fbusiness%2Fnews%2F2010%2F10%2Fmicrosoft-sees-unprecedented-wave-of-java-malware-exploits.ars&title=Microsoft%20sees%20%22unprecedented%20wave%22%20of%20Java%20malware%20exploits&bgcolor=fff&bordercolor=eee from frame with URL
 http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Farstechnica.com%2Fbusiness%2Fnews%2F2010%2F10%2Fmicrosoft-sees-unprecedented-wave-of-java-malware-exploits.ars&layout=button_count&show_faces=false&width=85&action=like&font=arial&colorscheme=light&height=21 from frame with URL
http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://platform0.twitter.com/widgets/tweet_button.html?_=1287481343826&count=horizontal&counturl=http%3A%2F%2Farstechnica.com%2Fbusiness%2Fnews%2F2010%2F10%2Fmicrosoft-sees-unprecedented-wave-of-java-malware-exploits.ars〈=en&text=Microsoft%20sees%20%22unprecedented%20wave%22%20of%20Java%20malware%20exploits&url=http%3A%2F%2Farst.ch%2Fmuc&via=arstechnica from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://www.facebook.com/connect/connect.php?id=19374573752&connections=10&stream=0&css&locale=en_US&logobar=0 from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://static.arstechnica.net//public/v6/footer.html?1287260854 from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL
http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars from frame with URL http://ad.adlegend.com/iframe?spacedesc=2000398_1090258_728x90_1201153_2000398&target=_blank&@CPSC@=http://ad.doubleclick.net/click%3Bh%3Dv8/3a38/3/0/%2a/w%3B229161266%3B0-0%3B0%3B31555509%3B3454-728/90%3B38708792/38726549/1%3B%3B%7Eaopt%3D3/1/96/0%3B%7Esscs%3D%3f. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://static.addtoany.com/menu/sm1.html#page;http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://www.reddit.com/static/button/button1.html?width=120&url=http%3A%2F%2Farstechnica.com%2Fbusiness%2Fnews%2F2010%2F10%2Fmicrosoft-sees-unprecedented-wave-of-java-malware-exploits.ars&title=Microsoft%20sees%20%22unprecedented%20wave%22%20of%20Java%20malware%20exploits&bgcolor=fff&bordercolor=eee from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Farstechnica.com%2Fbusiness%2Fnews%2F2010%2F10%2Fmicrosoft-sees-unprecedented-wave-of-java-malware-exploits.ars&layout=button_count&show_faces=false&width=85&action=like&font=arial&colorscheme=light&height=21 from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://platform0.twitter.com/widgets/tweet_button.html?_=1287481343826&count=horizontal&counturl=http%3A%2F%2Farstechnica.com%2Fbusiness%2Fnews%2F2010%2F10%2Fmicrosoft-sees-unprecedented-wave-of-java-malware-exploits.ars〈=en&text=Microsoft%20sees%20%22unprecedented%20wave%22%20of%20Java%20malware%20exploits&url=http%3A%2F%2Farst.ch%2Fmuc&via=arstechnica from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://www.facebook.com/connect/connect.php?id=19374573752&connections=10&stream=0&css&locale=en_US&logobar=0 from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://static.arstechnica.net//public/v6/footer.html?1287260854 from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://www.reddit.com/static/button/button1.html?width=120&url=http%3A%2F%2Farstechnica.com%2Fbusiness%2Fnews%2F2010%2F10%2Fmicrosoft-sees-unprecedented-wave-of-java-malware-exploits.ars&title=Microsoft%20sees%20%22unprecedented%20wave%22%20of%20Java%20malware%20exploits&bgcolor=fff&bordercolor=eee from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Farstechnica.com%2Fbusiness%2Fnews%2F2010%2F10%2Fmicrosoft-sees-unprecedented-wave-of-java-malware-exploits.ars&layout=button_count&show_faces=false&width=85&action=like&font=arial&colorscheme=light&height=21 from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://www.facebook.com/connect/connect.php?id=19374573752&connections=10&stream=0&css&locale=en_US&logobar=0 from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://static.arstechnica.net//public/v6/footer.html?1287260854 from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://platform0.twitter.com/widgets/tweet_button.html?_=1287481343826&count=horizontal&counturl=http%3A%2F%2Farstechnica.com%2Fbusiness%2Fnews%2F2010%2F10%2Fmicrosoft-sees-unprecedented-wave-of-java-malware-exploits.ars〈=en&text=Microsoft%20sees%20%22unprecedented%20wave%22%20of%20Java%20malware%20exploits&url=http%3A%2F%2Farst.ch%2Fmuc&via=arstechnica from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://static.addtoany.com/menu/sm1.html#page;http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://ad.adlegend.com/iframe?spacedesc=2000398_1090258_728x90_1201153_2000398&target=_blank&@CPSC@=http://ad.doubleclick.net/click%3Bh%3Dv8/3a38/3/0/%2a/w%3B229161266%3B0-0%3B0%3B31555509%3B3454-728/90%3B38708792/38726549/1%3B%3B%7Eaopt%3D3/1/96/0%3B%7Esscs%3D%3f from frame with URL http://arstechnica.com/business/news/2010/10/microsoft-sees-unprecedented-wave-of-java-malware-exploits.ars. Domains, protocols and ports must match.


G
Tactical Internet Systems analyst.
.