Java 1.7 CVE-2012-0422 Detection

This has proven useful to detect Java 1.7 clients being exploited regardless of exploit kit.

HTTP Request Method = GET
User-Agent = Mozilla/4.0*Java/1.7.0_*
Content-type = application/x-download or application/octet-stream or application/x-msdownload

There may be some false positives; you may want to add !*.class and !*.jar as exclusions.
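The three conditions above, run over proxy-style records, as an added example that is not part of the original post. The record field names, the sample records and the choice to apply the `.class`/`.jar` exclusions to the URL path are assumptions.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

UA_GLOB = "Mozilla/4.0*Java/1.7.0_*"
SUSPECT_TYPES = {"application/x-download", "application/octet-stream", "application/x-msdownload"}
# Assumption: the !*.class / !*.jar exclusions are applied to the URL path.
EXCLUDED_SUFFIXES = (".class", ".jar")


def matches(record, exclude_java_files=True):
    """True when a proxy record meets all three conditions from the post."""
    if record.get("method", "").upper() != "GET":
        return False
    if not fnmatchcase(record.get("user_agent", ""), UA_GLOB):
        return False
    # Drop parameters such as "; charset=..." and ignore header case.
    ctype = record.get("content_type", "").split(";")[0].strip().lower()
    if ctype not in SUSPECT_TYPES:
        return False
    path = urlsplit(record.get("url", "")).path.lower()
    return not (exclude_java_files and path.endswith(EXCLUDED_SUFFIXES))


def hits(records, **kwargs):
    """URLs of the records that trigger the rule."""
    return [r["url"] for r in records if matches(r, **kwargs)]


def rec(method, url, user_agent, content_type):
    return dict(method=method, url=url, user_agent=user_agent, content_type=content_type)


# Constructed records, not real traffic; example.test is a placeholder host.
JAVA17 = "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_10"
SAMPLE = [
    rec("GET", "http://example.test/a/load.php?f=1", JAVA17, "application/octet-stream"),
    rec("GET", "http://example.test/app/applet.jar", JAVA17, "application/x-download"),
    rec("GET", "http://example.test/b/get.php", JAVA17, "Application/X-Msdownload; charset=binary"),
    rec("GET", "http://example.test/setup.exe", "Mozilla/5.0 (Windows NT 6.1)", "application/x-msdownload"),
    rec("GET", "http://example.test/c", "Mozilla/4.0 (Windows 7 6.1) Java/1.6.0_30", "application/octet-stream"),
    rec("POST", "http://example.test/d", JAVA17, "application/octet-stream"),
    rec("GET", "http://example.test/e.html", JAVA17, "text/html"),
]

if __name__ == "__main__":
    for url in hits(SAMPLE):
        print("ALERT", url)
```

Passing `exclude_java_files=False` shows how much the exclusions suppress: the `applet.jar` fetch then alerts as well.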

Reference: http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html
