Web malware exploitation kits updated with new Java exploit

Cybercriminals are quick to capitalize on the announcement of a newly discovered vulnerability -- CVE-2011-3544 -- in Java.

According to researchers from M86 Security, popular web malware exploitation kits such as Phoenix exploit kit 3.0 and the Blackhole Exploit Kit version 1.2.1 were updated with the new exploit before a patch had been released.

Does this mean that cybercriminals are actively relying on zero-day flaws as a success factor for their malicious campaigns? Not at all, as zero-day flaws are not the primary growth factor of the cybercrime ecosystem. Instead, cybercriminals rely on already patched vulnerabilities, whose active exploitation is the primary objective of web malware exploitation kits.

Based on third-party research from multiple sources, we can clearly conclude that end users aren't patching their third-party applications and browser plugins, making it fairly easy for cybercriminals to actively exploit this trend.

Topics: Malware, Browser, Open Source, Security

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Talkback

9 comments
  • RE: Web malware exploitation kits updated with new Java exploit

    A Java exploit - You don't say!
    The one and only, Cylon Centurion
    • RE: Web malware exploitation kits updated with new Java exploit

      @Cylon Centurion
      I think it is just easier to call Java and Flash malware kits, or malware enablers. Then everybody knows where they stand :-D
      wright_is
      • RE: Web malware exploitation kits updated with new Java exploit

        @wright_is
        Agreed 100%.
        lehnerus2000
      • RE: Web malware exploitation kits updated with new Java exploit

        @wright_is

        +100
        gribittmep
  • Had this been Linux, it wouldn't matter with LSM

    Of course, Dancho, you know that. I've drilled that into your psyche.
    But, it bears repeating because not everybody knows that Ubuntu (my flavor Kubuntu) comes equipped with Linux Security Modules (LSM) and keeps the Zero-Days away.
    Dietrich T. Schmitz *Your
  • Since this is an old vulnerability that has been patched ...

    Download and install the updated JRE from Oracle:

    http://www.oracle.com/technetwork/java/javase/downloads/index.html

    Then reduce your attack surface by whitelisting the web site(s) where you require Java and the Java plug-in won't be used for other sites. And note that the sites in one's whitelist, aka your so-called 'trusted sites', can and do get hacked. Also, with Firefox, the NoScript add-on will need to be downloaded and installed to get whitelisting capability for Java plug-ins. Chrome, Opera and IE have this capability built-in, but you still have to create and manage your whitelist.

    If you don't need Java on your PC, uninstall it.
    Rabid Howler Monkey
    • RE: Web malware exploitation kits updated with new Java exploit

      @Rabid Howler Monkey

      And in the enterprise "all" you have to do is repeat this thousands of times.
      gribittmep
      • RE: Web malware exploitation kits updated with new Java exploit

        @gribittmep Enterprise admins can use Group Policy to push Java updates, set trusted sites in IE and enable software restriction policy whitelisting. Combined with a limited user account (XP) or standard user account (Vista/7), this should nip Java-based exploits in the bud. No?
        Rabid Howler Monkey
    • RE: Web malware exploitation kits updated with new Java exploit

      @Rabid Howler Monkey

      Agreed, any enterprise worth its salt uses automated tools to push updates and policies. The issue is the frequency that these kinds of updates come about. It takes time to push the updates and is disruptive to the user base, especially if the update requires a reboot.
      gribittmep