Categories: SecurityWorkspace

Blackhole Crimeware Attacks Java Flaws

The underground developers behind the Blackhole exploit kit updated the framework the week of 9 July with a module that can easily compromise computers systems using a month-old flaw in Java.

Because most PC users and companies can take months to update third-party software, the exploit will like remain effective for some time to come, security software firm Websense stated in a blog post published on 16 July.

Java attacks

It’s the latest demonstration of online attackers’ fondness for exploiting security holes in Java. Exploit kits, such as Blackhole, are used by cybercriminals to automate the creation of programs to infect victims’ computer systems and targeting flaws in Java has become a reliable method of infection. Since 2010, exploit kits have added almost a dozen Java vulnerabilities to their list of flaws targeted for exploitation, according to security software firm Websense.

“It has become the number one vector of attack for exploit kits,” says Chris Astacio, manager of security research for Websense. “Most of the time Java just sits on a computer – people don’t remember using it, or when or where they used it, or even for what, so half the time, it doesn’t even update.”

Several characteristics of the Java software platform have made it a favorite of attackers. Java is popular and runs on a large number of operating systems giving attackers a potentially large base of victims. Moreover, the software update mechanism is not automatic by default and frequently leaves older – and vulnerable – versions on many systems.

Updates can be so confusing that exploits for known Java vulnerabilities have regularly had a greater than 70 percent chance of success, according to Jason Jones, lead of the advanced security intelligence team at Hewlett-Packard’s DVLabs.

High success rate

“That’s a crazy success rate,” he says. “Especially since other exploits have had a (less than 15 percent) success rate.”

Many security experts, including Websense, recommend that users disable the Java browser plugin to protect against Internet attacks that use the plugin to compromise vulnerable systems.

The latest exploit built into the Blackhole kit may be based on a description written by security researcher Michael Schierl, who coded his own proof-of-concept in about an hour, according to a description of the effort. The program ended up being quite compact, about 50 lines of code.

“The resulting exploit is quite short…, and I am sure you can make it shorter if you really try,” he stated. “However, I don’t want to make it too easy for criminals to leverage this vulnerability just by copying and pasting; therefore I won’t publish my exploit code in the near future.”

Oracle patched the vulnerability in mid-June.

Other toolkits to follow

The latest Java exploit will likely get picked up by other toolkits, such as Phoenix, quite quickly says, Websense’s Astacio. The authors of the frameworks tend to borrow each other’s latest techniques, he says. More than five years ago, most attacks focused on vulnerabilities in Microsoft Office and then moved to Adobe’s Acrobat program. Only in the last few years have the attackers really focused on Java.

“Java was not heavily used for exploit kits two or three years ago, but they tend to trickle into one kit and then they spread to others,” he says.

Do you know the secrets of Wi-Fi? Take our quiz.

Robert Lemos

Robert Lemos covers cyber security for TechWeekEurope and eWeek

Recent Posts

Is the Digital Transformation of Businesses Complete?

Digital transformation is an ongoing journey, requiring continuous adaptation, strong leadership, and skilled talent to…

20 hours ago

Craig Wright Faces Contempt Claim Over Bitcoin Lawsuit

Australian computer scientist faces contempt-of-court claim after suing Jack Dorsey's Block and Bitcoin Core developers…

21 hours ago

OpenAI Adds ChatGPT Search Features

OpenAI's ChatGPT gets search features, putting it in direct competition with Microsoft and Google, amidst…

21 hours ago

Google Maps Steers Into Local Information With AI Chat

New Google Maps allows users to ask for detailed information on local spots, adds AI-summarised…

22 hours ago

Huawei Sees Sales Surge, But Profits Fall

US-sanctioned Huawei sees sales surge in first three quarters of 2024 on domestic smartphone popularity,…

22 hours ago

Apple Posts China Sales Decline, Ramping Pressure On AI Strategy

Apple posts slight decline in China sales for fourth quarter, as Tim Cook negotiates to…

23 hours ago