Editorial & Advertiser disclosure

Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Top Stories > TRUSTEER COMMENT ON JAVA-BASED MALWARE INFILTRATION

TRUSTEER COMMENT ON JAVA-BASED MALWARE INFILTRATION

Published by Gbaf News

Posted on January 16, 2014

3 min read

Last updated: January 22, 2026

European stock market graphic illustrating flat trading amid industrial gains - Global Banking & Finance Review — This image depicts the European stock market trends, reflecting recent fluctuations. It highlights the balance between rising industrial shares and healthcare losses, relevant to the article on European financial markets.

It has been reported that a group of cyber attackers, believed to have ties to the Chinese government, have infiltrated U.S. companies and established a long-term presence using Java-based malware, Javafog.

Dana Tamir, director of enterprise security at Trusteer

Dana Tamir, director of enterprise security at Trusteer

Dana Tamir, director of enterprise security at Trusteer, an IBM company, commented:
“Java offers powerful capabilities for businesses. Today almost every organisation relies on Java applications. But Java is a high risk application that exposes organisations to advanced attacks. Java has numerous vulnerabilities that can be exploited to deliver malware and compromise users’ machines. Malware written in Java code, like the Javafog Trojan, is extremely difficult to detect and therefore can remain stealthy for longer periods of time. The Java protections that are available today are very limited in their capabilities, especially against zero-day threats. Because organisations can’t eliminate Java from their environments, it is not surprising that adversaries and cyber-criminals are using malicious Java code to infiltrate them.

To prevent Java exploits and malware-based infiltrations, it is important to restrict execution only to known trusted Java files. Since organisations struggle to manage and maintain a complete list of all known trusted files, they should at least restrict execution to files that have been signed by trusted vendors, or downloaded from trusted domains. Otherwise untrusted Java files should not be allowed to freely execute within the enterprise environment. Restriction of untrusted Java allows organisations to safely run their business without exposing themselves to such risk.”

It has been reported that a group of cyber attackers, believed to have ties to the Chinese government, have infiltrated U.S. companies and established a long-term presence using Java-based malware, Javafog.

Dana Tamir, director of enterprise security at Trusteer

Dana Tamir, director of enterprise security at Trusteer

Dana Tamir, director of enterprise security at Trusteer, an IBM company, commented:
“Java offers powerful capabilities for businesses. Today almost every organisation relies on Java applications. But Java is a high risk application that exposes organisations to advanced attacks. Java has numerous vulnerabilities that can be exploited to deliver malware and compromise users’ machines. Malware written in Java code, like the Javafog Trojan, is extremely difficult to detect and therefore can remain stealthy for longer periods of time. The Java protections that are available today are very limited in their capabilities, especially against zero-day threats. Because organisations can’t eliminate Java from their environments, it is not surprising that adversaries and cyber-criminals are using malicious Java code to infiltrate them.

To prevent Java exploits and malware-based infiltrations, it is important to restrict execution only to known trusted Java files. Since organisations struggle to manage and maintain a complete list of all known trusted files, they should at least restrict execution to files that have been signed by trusted vendors, or downloaded from trusted domains. Otherwise untrusted Java files should not be allowed to freely execute within the enterprise environment. Restriction of untrusted Java allows organisations to safely run their business without exposing themselves to such risk.”