Hackers add Java exploit to BlackHole toolkit

The BlackHole exploit toolkit has been updated with the ability to launch attacks that take advantage of a recently patched vulnerability in Java, researchers said Monday.

The upgrade, first reported Thursday by security blogger Brian Krebs, adds the Java exploit, which users can avoid if they have installed the latest round of patches from Oracle, said Alex Kirk, a researcher at security firm Sourcefire.

"Of course, just because a patch is available doesn't mean it's been applied -- most exploit kits thrive off of reliable exploits of bugs that are often two or more years old -- so adding a new, current attack to the BlackHole arsenal will only make it that much more dangerous," Kirk wrote in a blog post. "Since there are now public write-ups, including proof-of-concept exploits, this bug is likely to be a pain in defenders' sides even outside the context of BlackHole."

Sourcefire researchers analyzed at least one example of the exploit, which arrived via a phishing email claiming to come from LinkedIn.

BlackHole is one of the more popular crimeware kits available online and is responsible for a large number of threats detected by anti-virus firms. Cyber criminals use it to compromise a legitimate site, usually one that is running an outdated version of some off-the-shelf content management system or e-commerce application. Visitors landing on the hacked site are then either redirected or hit with a drive-by download. The kit often takes advantage of vulnerabilities in Java, Adobe Reader or Flash, or Internet Explorer. WordPress blogs are also commonly targeted.
