Unpatched Java Attacks Starting

Thursday, August 30, 2012 @ 04:08 PM gHale

Attacks targeting an unpatched vulnerability in the latest versions of Java 7 have become widespread after an exploit for the flaw integrated into the popular Blackhole attack toolkit.

“The first victim regions to be hit with the Blackhole stuff were the U.S., the Russian Federation, Belarus, Germany, the Ukraine and Moldova,” said Kaspersky Lab senior security researcher Kurt Baumgartner.

New Java Zero Day in Play
Java Flaw Patched; Attackers Pounce
Oracle Holes Hit AV Provider
Others Suffer from Oracle Patch

Blackhole is one of the most popular of the commercial exploit toolkits that cyber criminals use to automatically infect computers with malware.

Blackhole sells on the underground market and comes packed with a variety of exploits for vulnerabilities in some of the more popular browser plug-ins such as Java, Adobe Reader and Flash Player.

After a reliable exploit for the new Java vulnerability — CVE-2012-4681 — released Monday, security researchers warned that cybercriminals would soon start targeting the flaw on a large scale.

The fears became true as the exploit quickly integrated into Blackhole.

“SophosLabs has seen samples of [the exploit] from Blackhole and are analyzing them now to determine if they actually work,” said Chester Wisniewski, a senior security adviser at antivirus firm Sophos. “So, yes, we can confirm it has been added, but still working out if they did it right.”

Security researchers from antivirus vendor ESET also confirmed Blackhole now includes the exploit.

Kaspersky’s new report shows not only is the exploit in Blackhole, the toolkit’s customers have already started using it.

“In relation to the other exploits included in the pack, victims are getting hit only a fair number of times with the Zero Day,” Baumgartner said.

This might be because, according to reports from various vulnerability researchers, this new flaw only affects Java 7. “Java 7 is not as widely deployed as other vulnerable versions of frequently attacked client-side software,” Baumgartner said.

Security researchers are advising users to uninstall or disable the Java Web plug-in from their browsers. However, other options are also available to users who can’t afford to do this because they use Java-based applications on a regular basis.

Leave a Reply

You must be logged in to post a comment.