The infamous exploit packs Blackhole and Nuclear Pack now feature a new zero-day Java exploit targeting the Java vulnerability CVE-2013-0422. The latest version, Java 7 Update 10, is affected.
These exploit packs are available as “off the shelf” malware kits, which criminals use to infect any machine that visits a website they own, or a website they have compromised and loaded with their malware infection tools.
Malware spreading through drive-by-downloads often utilizes exploit packs, which are able to serve malware variants without any user interaction, as opposed to other techniques relying on social engineering.
While users of ESET security products are protected from this threat (we detect it as Java/Exploit.CVE-2013-0422), we concur with the advice given by Brian Krebs to disable Java if it is not needed, so as to minimize the potential attack vectors used by malware.
Robert Lipovsky
Malware Researcher
Quoting Brian Krebs – Respected Security Expert and author of Krebs On Security:
The curator of Blackhole, a miscreant who uses the nickname “Paunch,” announced yesterday on several Underweb forums that the Java zero-day (known as CVE-2013-0422) was a “New Year’s Gift,” to customers who use his exploit kit. Paunch bragged that his was the first to include the powerful offensive weapon, but shortly afterwards the same announcement was made by the maker and seller of Nuclear Pack.