Unpatched Java vulnerability exploited in Blackhole-based attacks

Attacks exploiting a new Java vulnerability have become widespread, Kaspersky researchers say

Attacks targeting an unpatched vulnerability in the latest versions of Java 7 have become widespread after an exploit for the new flaw was integrated into the popular Blackhole attack toolkit, according to security researchers from antivirus vendor Kaspersky Lab.

"The first victim regions to be hit with the Blackhole stuff were the U.S., the Russian Federation, Belarus, Germany, the Ukraine and Moldova," Kaspersky senior security researcher Kurt Baumgartner said Tuesday in a blog post.

Blackhole is one of the most popular of the commercial exploit toolkits that cybercriminals use to automatically infect computers with malware when their owners visit malicious or compromised websites.

Blackhole is sold on the underground market and comes packed with a variety of exploits for known vulnerabilities in browser plug-ins such as Java, Adobe Reader and Flash Player.

After a reliable exploit for the new Java vulnerability -- now identified as CVE-2012-4681 -- was released on Monday, many security researchers warned that cybercriminals would soon start targeting the flaw on a large scale.

Rumors that the exploit had been integrated into Blackhole started circulating on Tuesday morning after the toolkit's creator allegedly posted an announcement about it on an underground forum.

"SophosLabs has seen samples of [the exploit] from Blackhole and are analyzing them now to determine if they actually work," Chester Wisniewski, a senior security adviser at antivirus firm Sophos, said Tuesday via email. "So, yes, we can confirm it has been added, but still working out if they did it right."

Security researchers from antivirus vendor ESET also confirmed via email that Blackhole now includes the exploit.

Kaspersky's new report shows that not only has the exploit been added to Blackhole, but the toolkit's customers have already started using it.

"In relation to the other exploits included in the pack, victims are getting hit only a fair number of times with the 0day [the unpatched vulnerability]," Baumgartner said.

This might be because, according to reports from various vulnerability researchers, this new flaw only affects Java 7. "Java 7 is not as widely deployed as other vulnerable versions of frequently attacked client-side software," Baumgartner said Tuesday via email.

This means there may be, for example, more computers on the Internet running outdated Java 6 installations that are vulnerable to older Blackhole exploits than computers running Java 7.

Most security researchers advised users to uninstall or disable the Java Web plug-in from their browsers. However, other options are also available to users who can't afford to do this because they use Java-based applications on a regular basis.

"Oracle needs to step it up and deliver an OOB [out-of-band] patch, which historically they have failed to do," Baumgartner said in the blog post. "Maybe this event will provide even more pressure to step up their security update delivery process."


Lucian Constantin

IDG News Service