New Java 0-day added to Blackhole Exploit Kit

Patrik Runald

Earlier today we blogged about a new Java zero-day exploit (CVE-2012-4681) being used in a small number of attacks. That's about to change as exploit code for the Java vulnerability has been added to the most prevalent exploit kit out there; Blackhole.

Here's a snippet of the updated Blackhole code:

The Pre.jar file (VirusTotal link) will use the new vulnerability to install the malware (VirusTotal link) itself. In this particular attack it was a banking trojan as can be seen from our ThreatScope report. Websense customers using our Advanced Classification Engine (ACE) were proactively protected against the updated Blackhole kit by our real-time analytics.

Technically the new vulnerability is actually two separate vulnerabilities. A technical analysis of these two vulnerabilities is available at the blog Immunity Products in this post.

Patrik Runald

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.

Learn more about Forcepoint

New Java 0-day added to Blackhole Exploit Kit

Patrik Runald

About Forcepoint

Sign up for the latest from our research and development team

To the Point Cybersecurity

X-Labs

Get insight, analysis & news straight to your inbox

You are here

Patrik Runald

About Forcepoint

Sign up for the latest from our research and development team