Java Zero-Day Vulnerability Rolled Into Exploit Packs

tsu doh nimh writes "The miscreants who maintain Blackhole and Nuclear Pack — competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they've added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java. The curator of Blackhole, a miscreant who uses the nickname 'Paunch,' announced yesterday on several Underweb forums that the Java zero-day was a 'New Year's Gift,' to customers who use his exploit kit. The exploit has since been verified to work on all Java 7 versions by AlienVault Labs. The news comes days after it was revealed that Paunch was reserving his best exploits for a more closely-held exploit pack called Cool Exploit Kit, a license for which costs $10,000 per month."

Re:Oh Java...

[Mathematiker]

You know the difference between a browser plugin and the JRE?

Do you really think that having eclipse or matlab installed on your computer (both contain a JRE) makes it magically vulnerable?

Re:Oh Java...

[Bill_the_Engineer]

At this point does any tech savvy user still have the Java Runtime Environment installed?

At this point does any tech savvy user don't know the difference between the Java Runtime Environment and the Java Browser Plugin? Just disable/remove the plugin.

Why does Slashdot glorify hackers?

[GodfatherofSoul]

These are the idiots who make life so difficult for legit network guys. That summary reads like George Washington just raided another British outpost. Whether for curiosity or profit, remember who the bad guys are!