
Underground Toolkit Arms Hackers For Java Flaw

The popular BlackHole software toolkit used by cyber-criminals has been updated to include malicious code exploiting a critical Java vulnerability.

The latest version of the BlackHole exploit kit targets browsers with the Java bug CVE-2012-0507. Microsoft reported last week that it had received malware samples exploiting the flaw. The vulnerability allows a hacker to bypass Java's sandbox mechanism and install a Trojan or other malicious code on a computer. A sandbox is a container that is supposed to confine an application, so its access to a computer is limited.

The BlackHole kit is typically installed in a hacked or malicious Web site. The kit is capable of attacking multiple plug-ins in the browsers of people visiting the site.

"Anytime an exploit, such as one for CVE-2012-0507, is added to mass exploit kits, it goes from being a hypothetical risk to becoming a real risk," Marcus Carey, security researcher for Rapid7, said Thursday in an e-mailed statement.

The latest Java flaw is considered a serious threat because of the slow pace at which users update the plug-in. A patch for the Java bug was released in February, but based on the Java patching behavior of 28 million Internet users, Rapid7 estimates that from 60 percent to 80 percent of computers running Java are vulnerable. The bug affects all operating systems, including Windows (starting with XP), Ubuntu and Mac OS X.

In general, up to 60 percent of Java installations are never updated to the latest version, according to Rapid7.
