Security researcher Brian Krebs stumbled upon a new exploit kit that relies on a recently patched security flaw present in Java, being packaged with the infamous BlackHole.
It seems as all the versions of Oracle’s Java are susceptible to the attack, except for the latest variants, but considering the fact that many don’t rush to update these components, the exploit could be used successfully against many devices.
Even more worryingly, these means of attack can be easily turned into automated tools, which once placed on a website, can infect the machines of unsuspecting Internet users without much effort.
“Java exploits are notoriously successful when bundled into commercial exploit packs, software kits that can turn a hacked Web site into a virtual minefield for Web users who aren’t keeping up to date with the latest security patches,” says
Curiously, the Java exploit works on most browsers, except for Google Chrome, which for some reason in many cases mitigates attacks launched with the new package.
The security journalist also believes that, theoretically, such an attack can also work against Mac OS X operating systems, but so far it’s only been tested on Windows platforms.
The hacker that advertised the newest Java exploit is giving it away for free to customers that already purchased the BlackHole kit, but for newcomers, the price is around $4,000 (2,800 EUR), plus the cost of the Blackhole license.
This being said, it’s no wonder that cybercriminals will often engage in other criminal activities such as illegal drug sales
. If the underground salesman offers you anything you need from servers to complete exploit manuals, there isn’t much need for advanced hacking skills.
Components like Flash Player or Java have always been favored by hackers to launch attacks, and their vendors have become more aware of this fact. That’s precisely why users who rely on them to perform everyday activities should always install the latest version to make sure they’re protected against the latest threats.