BlackHole Toolkit Improves as Fresh Java Exploit Incorporated
Security researcher Brian Krebs recently came across a fresh exploit that uses a patched vulnerability in Oracle's Java and comes bundled with the notorious malware kit BlackHole. Softpedia.com published this on November 28, 2011.
Apparently, every edition of Java other than the latest ones is vulnerable to the exploit, and because many users don't update the component promptly, attackers can use it effectively against various systems.
A still more disturbing issue is that the exploit kits used for such attacks are simple to turn into automated software that, once loaded onto a website, infects the PCs of unwitting Web surfers.
Further, Java exploits greatly raise the success rate of attacks when packaged with commercially traded exploit kits, i.e. software tools capable of turning a compromised website into a platform for harvesting data when Internet users don't update their software with the current fixes, states Krebs. Infosecurity-magazine.com published this on November 28, 2011.
Krebs adds that for the exploit to enable a successful malware attack, users simply need to be made to visit a booby-trapped website in Microsoft's Internet Explorer or Mozilla's Firefox with an older version of the Java software enabled.
Moreover, since Java is a cross-platform component, the attack could in theory let hackers compromise PCs running Mac OS X in particular. So far, however, only Windows PCs have been targeted with the exploit, which is gradually being included in the widely used BlackHole, Krebs observes on krebsonsecurity.com, dated November 28, 2011.
Incidentally, according to the attacker mainly behind the sale of BlackHole, the fresh Java attack code was being distributed free of charge to license holders. Others could get the exploit for $4,000, along with paying $700 for using it over a 3-month period, $1,000 over 6 months, or $1,500 over 12 months. Besides, the BlackHole creator sells a hosting service he himself provides, in which end-users hire attack-proof servers with the malware kit already installed for $200/week or $500/month, Krebs reports.
Thus the researcher, who is also a security journalist, adds that end-users should install the latest edition of Java as a safeguard against the new exploit.
» SPAMfighter News - 05-12-2011