New spear of Black Hole exploit kit targets Java Vulnerability CVE-2012-1723
In early July, an update has been issued to the Blackhole exploit kit targeting Java vulnerability CVE-2012-1723. The vulnerability could evade the JRE (Java Runtime Environment) sandbox and load additional Java classes in order to perform malicious actions. Details about the vulnerability are here. A lot of the websites used with this attack, at the moment, that are detected by the Websense® ThreatSeeker® Network are newly registered websites.
Websense customers are protected from this threat with our Advanced Classification Engine - ACE that employs multiple methods to detect exploit kits generically and specifically in real time.
Looking at the past three years, the Java platform has been one of the most popular one targeted by attackers. Java was designed to be portable, meaning it works on virtually all computer operating systems like Windows, Mac, and Linux. We still remember the Mac OS malware Flashback that infected over 600,000 Apple computers worldwide in April 2012 using Java vulnerability CVE-2012-0507. Even now, we still see a lot of exploit kits that use CVE-2012-0507. Here are the Java platform vulnerabilities used in the wild since 2010:
- CVE-2010-0094
- CVE-2010-0094
- CVE-2010-0840
- CVE-2010-0842
- CVE-2010-0844
- CVE-2010-3552
- CVE-2010-0886
- CVE-2010-4452
- CVE-2011-3521
- CVE-2011-3554
- CVE-2012-0507
- CVE-2012-1723
Although Oracle released a patch in June for the latest vulnerability, cyber criminals are targeting machines that have not yet updated their platforms. We recommend to update the Java platform, if you have one installed, as soon as possible. Also, consider disabling the Java Plugin in your Web browser to reduce the risk if you are not using it a lot.