Web malware exploitation kits updated with new Java exploit
Cybercriminals are quick to capitalize on the announcement of a newly discovered vulnerability -- CVE-2011-3544 -- in Java.
According to researchers from M86 Security, popular web malware exploitation kits such as Phoenix exploit kit 3.0 and the Blackhole Exploit Kit version 1.2.1 were updated with a new exploit before a patch had been released.
Does this mean that cybercriminals are actively relying on zero-day flaws as a success factor for their malicious campaigns? Not at all: zero-day flaws are not the primary growth factor of the cybercrime ecosystem. Instead, cybercriminals rely on already patched vulnerabilities, and exploiting these is the primary objective of web malware exploitation kits.
Based on third-party research from multiple sources, we can clearly conclude that end users aren't patching their third-party applications and browser plugins, making it fairly easy for cybercriminals to actively exploit this trend.
Related posts:
- 37 percent of users browsing the Web with insecure Java versions
- 56 percent of enterprise users using vulnerable Adobe Reader plugins
- Kaspersky: 12 different vulnerabilities detected on every PC
- Report: malicious PDF files becoming the attack vector of choice
- Report: Patched vulnerabilities remain prime exploitation vector

Talkback
RE: Web malware exploitation kits updated with new Java exploit
I think it is just easier to call Java and Flash malware kits, or malware enablers. Then everybody knows where they stand :-D
RE: Web malware exploitation kits updated with new Java exploit
Agreed 100%.
RE: Web malware exploitation kits updated with new Java exploit
+100
Had this been Linux, it wouldn't matter with LSM
But, it bears repeating because not everybody knows that Ubuntu (my flavor Kubuntu) comes equipped with Linux Security Modules (LSM) and keeps the Zero-Days away.
Since this is an old vulnerability that has been patched ...
RE: Web malware exploitation kits updated with new Java exploit
And in the enterprise "all" you have to do is repeat this thousands of times.
RE: Web malware exploitation kits updated with new Java exploit
Agreed, any enterprise worth its salt uses automated tools to push updates and policies. The issue is the frequency that these kinds of updates come about. It takes time to push the updates and is disruptive to the user base, especially if the update requires a reboot.