Underground Toolkit Arms Hackers For Java Flaw


A software toolkit popular among cyber-criminals has been updated to include malicious code targeting a critical Java vulnerability that experts say many Internet users have yet to patch.

The latest version of the BlackHole exploit kit targets browsers with the Java bug CVE-2012-0507. Microsoft reported last week that it had received malware samples exploiting the flaw. The vulnerability allows a hacker to bypass Java's sandbox mechanism and install a Trojan or other malicious code on a computer. A sandbox is a container that is suppose to confine an application, so its access to a computer is limited.

The BlackHole kit is typically installed in a hacked or malicious Web site. The kit is capable of attacking multiple plug-ins in the browsers of people visiting the site.

"Anytime an exploit, such as one for CVE-2012-0507, is added to mass exploit kits its goes from being a hypothetical risk to becoming a real risk," Marcus Carey, security researcher for Rapid7, said Thursday in an e-mailed statement.

The latest Java flaw is considered a serious threat because of the slow pace at which users update the plug-in. A patch for the Java bug was released in February, but based on the Java patching behavior of 28 million Internet users, Rapid7 estimates that from 60 percent to 80 percent of computers running Java are vulnerable. The bug affects all operating systems, including Windows, starting with XP, Ubuntu and Mac OS X.

In general, up to 60 percent of Java installations are never updated to the latest version, according to Rapid7.