Categories: SecurityWorkspace

Blackhole Crimeware Attacks Java Flaws

The underground developers behind the Blackhole exploit kit updated the framework the week of 9 July with a module that can easily compromise computers systems using a month-old flaw in Java.

Because most PC users and companies can take months to update third-party software, the exploit will like remain effective for some time to come, security software firm Websense stated in a blog post published on 16 July.

Java attacks

It’s the latest demonstration of online attackers’ fondness for exploiting security holes in Java. Exploit kits, such as Blackhole, are used by cybercriminals to automate the creation of programs to infect victims’ computer systems and targeting flaws in Java has become a reliable method of infection. Since 2010, exploit kits have added almost a dozen Java vulnerabilities to their list of flaws targeted for exploitation, according to security software firm Websense.

“It has become the number one vector of attack for exploit kits,” says Chris Astacio, manager of security research for Websense. “Most of the time Java just sits on a computer – people don’t remember using it, or when or where they used it, or even for what, so half the time, it doesn’t even update.”

Several characteristics of the Java software platform have made it a favorite of attackers. Java is popular and runs on a large number of operating systems giving attackers a potentially large base of victims. Moreover, the software update mechanism is not automatic by default and frequently leaves older – and vulnerable – versions on many systems.

Updates can be so confusing that exploits for known Java vulnerabilities have regularly had a greater than 70 percent chance of success, according to Jason Jones, lead of the advanced security intelligence team at Hewlett-Packard’s DVLabs.

High success rate

“That’s a crazy success rate,” he says. “Especially since other exploits have had a (less than 15 percent) success rate.”

Many security experts, including Websense, recommend that users disable the Java browser plugin to protect against Internet attacks that use the plugin to compromise vulnerable systems.

The latest exploit built into the Blackhole kit may be based on a description written by security researcher Michael Schierl, who coded his own proof-of-concept in about an hour, according to a description of the effort. The program ended up being quite compact, about 50 lines of code.

“The resulting exploit is quite short…, and I am sure you can make it shorter if you really try,” he stated. “However, I don’t want to make it too easy for criminals to leverage this vulnerability just by copying and pasting; therefore I won’t publish my exploit code in the near future.”

Oracle patched the vulnerability in mid-June.

Other toolkits to follow

The latest Java exploit will likely get picked up by other toolkits, such as Phoenix, quite quickly says, Websense’s Astacio. The authors of the frameworks tend to borrow each other’s latest techniques, he says. More than five years ago, most attacks focused on vulnerabilities in Microsoft Office and then moved to Adobe’s Acrobat program. Only in the last few years have the attackers really focused on Java.

“Java was not heavily used for exploit kits two or three years ago, but they tend to trickle into one kit and then they spread to others,” he says.

Do you know the secrets of Wi-Fi? Take our quiz.

Robert Lemos

Robert Lemos covers cyber security for TechWeekEurope and eWeek

Recent Posts

Mark Zuckerberg Overtakes Bezos To Become Second-Richest Man

Billionaire battle. Meta's boss Mark Zuckerberg overtakes Jeff Bezos to become the world’s second richest…

20 hours ago

US, Microsoft Disrupts Russian FSB Hackers

Internet domains used by “Russian intelligence agents and their proxies” for cyberattacks, seized by the…

22 hours ago

Mike Lynch Died From Drowning, Coroner Inquest Rules

UK's tech billionaire Dr Mike Lynch died from drowning on his superyacht, but his daughter's…

1 day ago

Tesla Recalls 27,000 Cybertrucks Over Rear Camera Issue

Another recall for thousands of Tesla Cybertrucks over delay with rear camera, with could hamper…

2 days ago

Browser Firms Press EU To Reconsider Microsoft Edge As Gatekeeper

Browser firms write to European Commission alleging Microsoft's Edge web browser enjoys an unfair advantage

2 days ago

Microsoft Invests €4.3 Billion In Italy For AI, Cloud

Data centre and AI spending spree continues over at Microsoft, with Italy earmarked for €4.3…

2 days ago