Java Zero-Day Vulnerability Rolled Into Exploit Packs

Posted by Unknown on Thursday January 10, 2013 @04:33AM from the just-can't-win dept.

tsu doh nimh writes "The miscreants who maintain Blackhole and Nuclear Pack — competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they've added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java. The curator of Blackhole, a miscreant who uses the nickname 'Paunch,' announced yesterday on several Underweb forums that the Java zero-day was a 'New Year's Gift,' to customers who use his exploit kit. The exploit has since been verified to work on all Java 7 versions by AlienVault Labs. The news comes days after it was revealed that Paunch was reserving his best exploits for a more closely-held exploit pack called Cool Exploit Kit, a license for which costs $10,000 per month."

1 of 193 comments (clear)

Min score:

Reason:

Sort:

Re:Just remove Java and get it over with by medv4380 · 2013-01-10 04:53 · Score: 1, Flamebait

Copy the JRE folder into the Minecraft folder and write a batch file to launch it. Then Kill Java. Works for some enterprise environments too, but not all. All Browsers should block Java. Applets are nothing but plague rats now, and should be burned with fire.