Webroot experts say the infection rates are fairly low for the time being

Mar 6, 2013 21:31 GMT

A large number of Java vulnerabilities have been discovered recently. This is probably why a cybercriminal gang has decided to release an exploit kit that currently uses only Java exploits to infect computers.

According to Webroot experts, the kit only leverages CVE-2012-1723 and CVE-2013-0431, both of which have been patched by Oracle, but the cybercriminals say more might be added soon.

So far, most of the users whose computers have been infected with malware through this exploit kit are based in the United States. Most of the devices are running Windows NT 6.1 and Windows XP, but there are also some Mac OS X hosts that have been compromised.

However, the success rate of this campaign was only 9.5% when researchers analyzed it, most likely because of the small number of client-side vulnerabilities exploited.

“For the time being, customers can choose whether they want to manually rotate the client-side exploits serving domains/IPs, or whether they’d want the cybercriminals selling the kit to do it for them as a managed service,” Webroot’s Dancho Danchev explained.

“Customers of the exploit kit will also receive notifications once their domains start getting detected by security vendors, through the Domain Check service,” he added.

It’s worth noting that the cybercriminals who advertise the exploit kit are outsourcing most of the project, and they’re only renting it out on their own bulletproof servers. Customers who want to operate the exploit kit on their own servers have to contact the developer directly.

Experts believe that such an exploit kit can’t cause any widespread damage on an international level, mainly because many organizations have disabled Java after all the negative reports and advisories.

The new exploit kit is being rented for $40 (30 EUR) for 24 hours, $150 (114 EUR) for a week, or $450 (354 EUR) for a month.