according to:
https://securityaffairs.co/wordpress/125480/hacking/log4j-java-library-zeroday.html
It was released by "Chinese researcher". There are no coincidences.
Of course I am not pentester,but I know something about those infosecurity branch and I assure you : NOBODY SANE WOULD RELEASE 0day Proof of Concept BEFORE PATCHES ALREADY WOULD BE MADE.
And also NO,none black hat (criminal hacker) would release that as well as 0day's are regularly bought by intelligence agencies or used by hackers and for white hat legal "hackers" (pentesters) bounties for eligible zero-day exploits range from $2,500 to $2,500,000 , so on black market such working exploit would be worth MILLIONS.
You got it ? Millions $. Nobody sane would EVER release such thing to public without allowing to prepare and criminal would want to earn his fucking money on it.
It is cover story for terrorist attack against the internet we use.Terrorist attack which (oficially) originated from China. It is probably part of their cyber polygon in real life.
**And I write this because it is time anons to do something.I have to ask you to do something.. Full scale memetic answer for this because they shut down the internet is the only option. We must inform people about the truth about this attack before they will shut down the net everywhere we can.
I have also warning for those who want to install those update:
u/BidenIsAPedoFreak wrote on GA
The patch is probably remdesivir or some bullshit they’re force feeding onto poor unsuspecting IT dipshits
And I am suspecting he might be right. Some security researchers shall audit the patch probably.
There is nothing new in that vulnerability. May be it was 0-day in distant past, but definitely not now.
And here is how to exploit it, for free:
How JNDI injection works - https://www.veracode.com/blog/research/exploiting-jndi-injections-java
The core of that hack is a few year (or may be even decade) old hole in all that EnTeRpRi$E java crap. As real EnTeRpRi$Es, no one really do something with it, as usual they make meeting, teambuildings, wrote reports and allocate funds, with millions of presentations and bullshit talk.
They just dig out this old thing to cover all that money laundering and privatisation of company money "cyberattacks" scheme that become very popular in last year.
MSM lies. Even if they are "IT" MSM's. The reality always differ from what they tell you.