13 of 15Image
Java applets, a rough grind
Believe it or not, when Java first appeared almost 20 years ago, security was one of the main points of it. How far it has fallen!
Java the language contains many features to make programming safer, but Java the environment for running those programs has proved buggy, leading to a large number of vulnerabilities and exploits, such asthis one. After Adobe improved their security in Flash and Acrobat, Java became the leading target for malware writers seeking to exploit Windows and, on occasion, non-Windows users.
As with Flash and Acrobat, no one Java vulnerability stands out, but there have been so many that Java itself is considered a problem on Windows PCs, and many recommend that it be removed.
In fairness to Java, it is basically the use of Java applets in browsers which have proven impossible to secure. Server-side Java is much more secure and successful.
Welchia: Just trying to help
Welchia is what they call a "helpful" worm. Instead of attacking, it attempts to download and install missing Windows security patches. What a great idea! What could possibly go wrong? go wrong? go wrong?
Because of the way the worm spread and the way it did its updates, it caused traffic storms on company networks as systems all pulled updates and communicated at the same time. Removal was a manual business, costing IT departments lots of time.
Welchia contains and displays many messages, including the ones displayed here, alluding to Japanese involvement in World War II.
Apache blows chunks
Apache Chunked-Encoding Memory Corruption Vulnerability is another in a group of remote code execution vulnerabilities in the Apache server in the early part of the last decade. This one could be exploited merely by sending a carefully crafted invalid request, and the vulnerable code was turned on by default.
This one was exploited in the wild leading to a particularly messy cleanup.