Page 1 of 2
A zero-day attack against one of the most widely used software products in the industry has now been productized into the Black Hole exploit kit, which is very popular with the hacker community, according to researchers from WebSense Labs. This development means that the likelihood of infection has become elevated due to the sheer number of people who will be capitalizing on this latest attack vector involving Java 7, potentially affecting BYOD in the enterprise.
The attack was discovered on Sunday with the source determined to be based in China. It's been further discovered that the attack is based on not one but two vulnerabilities in Java 7 that are being used in tandem.
"This is actually two vulnerabilities knocked into one .jar file," said Chris Astacio, manager of security research at Websense Security Labs. "The unfortunate thing is that once a zero-day like this happens and is found out in the wild, a developer for a kit like Black Hole will find it, reverse engineer it and integrate it into his own kit. This can happen very quickly, and in this case it happened in about a day."
The attack is based on the downloading of a file entitled "applet.jar," which then accesses, downloads and executes a payload known as "hi.exe," a variant of the malware known as, "Poison Ivy," which then contacts and follows the instructions of command-and-control servers based in Asia.
It appears that all major browsers are more or less equally affected. While most of the attacks, thus far, have been focused on Windows machines, it is also believed that the same vulnerabilities impact Linux and OS X, including Mountain Lion 10.8.1, as well.
So far, antivirus packages have had a very spotty track record in dealing with the exploit. According to Astacio, only 19 out of the 42 major AV products are currently recognizing this attack.