Slashdot Mirror

← Back to Stories (view on slashdot.org)

Java Zero-Day Vulnerability Rolled Into Exploit Packs

Posted by Unknown on from the just-can't-win dept.

tsu doh nimh writes "The miscreants who maintain Blackhole and Nuclear Pack — competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they've added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java. The curator of Blackhole, a miscreant who uses the nickname 'Paunch,' announced yesterday on several Underweb forums that the Java zero-day was a 'New Year's Gift,' to customers who use his exploit kit. The exploit has since been verified to work on all Java 7 versions by AlienVault Labs. The news comes days after it was revealed that Paunch was reserving his best exploits for a more closely-held exploit pack called Cool Exploit Kit, a license for which costs $10,000 per month."

3 of 193 comments (clear)

  1. Re:Just remove Java and get it over with by Minwee · · Score: 3, Funny

    But... but... Javascript is used all over the Web. You'd break almost everything if you uninstalled Java!

    I see. Have you tried turning it off and on again?

    Is it definitely plugged in?

  2. Re:Just remove Java and get it over with by DickBreath · · Score: 4, Funny

    Support: Have you tried pushing the 10 key?
    Customer: The 10 key? Do you mean F10?
    Support: No. The 10 key is a black rocker on the back of the computer with a 1 and a 0. Pushing that will make your computer secure.

    --

    I'll see your senator, and I'll raise you two judges.
  3. Re:Oh Java... by 0123456 · · Score: 1, Funny

    Don't forget 64-bit Firefox.

    Or all the other 64-bit browsers.

    Oh, I just realised he's running on that wacky Windows thing, where the OS is 64-bit but 99% of apps are still 32-bit.