August 28, 2012

New Java 0-day added to Blackhole Exploit Kit

Patrik Runald

Earlier today we blogged about a new Java zero-day exploit (CVE-2012-4681) being used in a small number of attacks. That's about to change as exploit code for the Java vulnerability has been added to the most prevalent exploit kit out there; Blackhole

Here's a snippet of the updated Blackhole code: 


The Pre.jar file (VirusTotal link) will use the new vulnerability to install the malware (VirusTotal link) itself. In this particular attack it was a banking trojan as can be seen from our ThreatScope report. Websense customers using our Advanced Classification Engine (ACE) were proactively protected against the updated Blackhole kit by our real-time analytics. 


Technically the new vulnerability is actually two separate vulnerabilities. A technical analysis of these two vulnerabilities is available at the blog Immunity Products in this post.

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.