News

Hacker Kit Updated With Recently Discovered Java Exploit

• By Chris Paoli
• March 30, 2012

A recently disclosed Java vulnerability has been updated in the BlackHole kit, a popular exploit set among hackers. Security experts warn that a majority of Java users could be at risk.

The Java exploit allows attackers to bypass the Java Runtime Environment's sandbox platform to install malicious code remotely. Microsoft reported last week that it had observed this vulnerability being exploited in the wild last week.

Microsoft also tested to see if the vulnerability could easily be exploited. It successfully accessed the Java sandbox mode and installed the ZeuS Trojan on a test machine.

Cyber security blogger Brian Krebs said the vulnerability was spotted shortly after Microsoft's tests were made public.

"According to posts on several underground carding forums, the exploit has now been automatically rolled out to miscreants armed with BlackHole, by far the most widely used exploit pack," Krebs wrote in a blog post.

The newest patch from Java, which was released February 15, will protect users from this exploit. However, Marcus Carey, security researcher for Rapid7, estimates that a majority of Java users have yet to upgrade.

"Rapid7 researched the typical patch cycle for Java and identified a telling pattern of behavior," said Carey. "We found that during the first month after a Java patch is released, adoption is less than 10 percent. After two months, approximately 20 percent have applied patches and after three months, we found that more than 30 percent are patched. We determined that the highest patch rate last year was 38 percent with Java Version 6 Update 26 3 months after its release."

Based on Rapid7's observations, it is estimated that only around 10 percent of users are running the newest Java version.

It is recommended that those who have not patched to the latest version of Java do so as soon as possible. The update, including additional information on the patch, can be found here.