New Year Java Zero-Day Attacks Under Way

Weather, news, adult websites getting hit, crimeware kits loaded with new exploits using the bug

Another Java zero-day exploit is in the wild and, once again, cries of “disable Java now” are going out.
The beleaguered application has yet another new bug and is the target of attacks as several ad networks are being redirected to Blackhole exploit sites. We have seen ads from legitimate sites, especially in the UK, Brazil, and Russia, redirecting to domains hosting the current Blackhole implementation delivering the Java 0day. These sites include weather sites, news sites, and of course, adult sites, said Kurt Baumgartner, a Kaspersky Lab expert, in a blog post today.
Word of the new bug and exploitation first came from
a researcher who goes by the handle @Kafeine
, and was later confirmed by several other researchers, including AlienVault Labs. @Kafeine found that the Blackhole, Cool EK, Nuclear Pack, and Red Hole crimeware kits now include exploits for the zero-day.
The nature of the flaw itself has not yet been identified, but US-CERT has issued an alert
here
, confirming that Java 7 Update 10 and earlier are affected and could let a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Jaime Blasco of AlienVault Labs was able to reproduce an attack with the exploit against a fully patched Java platform. The Java file is highly obfuscated but based on the quick analysis we did the exploit is probably bypassing certain security checks tricking the permissions of certain Java classes as we saw in
CVE-2012-4681
, he
blogged
today.
No word yet from Oracle, but security experts are urging users and enterprises to disable Java browser plug-ins, as well as desktop Java apps.
Leave Java disabled (I am not going to recommend to disable it. If you still have it enabled, you probably have an urgent business need for it and cant disable it), Johannes Ullrich blogged in the SANS Internet Storm Center today. If you have any business critical applications that require Java: try to find a replacement. I dont think this will be the last flaw, and the focus on Java from people behind exploit kits like blackhole is likely going to lead to additional exploits down the road.
And this is likely only the first of many Java zero-day attacks to come this year, experts say.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
New Year Java Zero-Day Attacks Under Way