FireEye published a report detailing the three most commonly exploited Java bugs, which in some instances have also been used in targeted attacks.
Abhishek Singh, one of the report's authors, named the top vulnerabilities in a Wednesday blog post: CVE-2012-0507 (the AtomicReferenceArray type-confusion sandbox escape), CVE-2013-2465 (memory corruption in Java 2D image handling) and CVE-2012-1723 (a HotSpot type-confusion bug in field access). The report also highlighted the three most prevalent behaviors in malicious Jar files: “the usage of reflection, presence of data obfuscation and behavior to download a malicious executable.”
Exploit kits (EKs) leveraging the flaws were also named in the report, among them a relatively new arrival on the black market, “Rig Exploit,” which uses CVE-2012-0507 to spread crimeware to victims, and “Fiesta EK,” which uses CVE-2013-2465.
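The three behaviors FireEye lists are all visible without decompiling: reflection and download APIs show up as class and method names in each class file's constant pool, and an obfuscated payload shows up as a long high-entropy string literal. The following triage script, added here as an example and not taken from FireEye's report or tooling, parses the constant pool of every .class entry in a JAR and flags those three indicators. The indicator lists, the 4.5-bit entropy threshold and the sample JAR (two hand-built class files, one dropper-like and one benign) are all constructed for the example and are heuristics, not FireEye's signatures.

```python
"""Static JAR triage for reflection, obfuscation and download-and-execute
indicators. Added example: reads constant-pool strings only, so hits are
triage signals for an analyst, not a verdict on the file."""
import base64
import hashlib
import io
import math
import re
import struct
import zipfile
from collections import Counter

# Assumed indicator lists (example heuristics). Class markers are matched as
# prefixes of JVM internal names, method markers as exact Utf8 entries.
REFLECTION_CLASSES = ("java/lang/reflect/",)
REFLECTION_METHODS = {"forName", "getDeclaredMethod", "getMethod",
                      "getDeclaredField", "setAccessible", "invoke", "newInstance"}
DOWNLOAD_CLASSES = ("java/net/URL", "java/net/HttpURLConnection",
                    "java/io/FileOutputStream", "java/lang/Runtime",
                    "java/lang/ProcessBuilder")
DOWNLOAD_METHODS = {"openConnection", "openStream", "exec"}
EXE_URL = re.compile(r"https?://\S+\.(?:exe|dll|scr)\b", re.I)


def constant_pool_strings(class_bytes):
    """Return every CONSTANT_Utf8 entry of a class file (JVMS section 4.4)."""
    if class_bytes[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a class file")
    (count,) = struct.unpack(">H", class_bytes[8:10])
    pos, index, out = 10, 1, []
    while index < count:
        tag = class_bytes[pos]
        pos += 1
        if tag == 1:                           # Utf8: u2 length + bytes
            (length,) = struct.unpack(">H", class_bytes[pos:pos + 2])
            pos += 2
            out.append(class_bytes[pos:pos + length].decode("utf-8", "replace"))
            pos += length
        elif tag in (3, 4):                    # Integer, Float
            pos += 4
        elif tag in (5, 6):                    # Long, Double occupy two slots
            pos += 8
            index += 1
        elif tag in (7, 8, 16, 19, 20):        # Class, String, MethodType, Module, Package
            pos += 2
        elif tag in (9, 10, 11, 12, 17, 18):   # *ref, NameAndType, (Invoke)Dynamic
            pos += 4
        elif tag == 15:                        # MethodHandle
            pos += 3
        else:
            raise ValueError("unknown constant pool tag %d" % tag)
        index += 1
    return out


def shannon_entropy(s):
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def looks_obfuscated(s):
    """Long, space-free, high-entropy literal: typical of an embedded encoded
    payload. Class names and descriptors score well below 4.5 bits/char."""
    return len(s) >= 40 and " " not in s and shannon_entropy(s) >= 4.5


def triage_jar(jar_bytes):
    """Map each .class entry to the indicator strings found in its constant pool."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if not name.endswith(".class"):
                continue
            strings = constant_pool_strings(jar.read(name))
            report[name] = {
                "reflection": sorted(s for s in strings if s.startswith(REFLECTION_CLASSES)
                                     or s in REFLECTION_METHODS),
                "download": sorted(s for s in strings if s.startswith(DOWNLOAD_CLASSES)
                                   or s in DOWNLOAD_METHODS or EXE_URL.search(s)),
                "obfuscation": sorted(s for s in strings if looks_obfuscated(s)),
            }
    return report


def jar_verdict(report):
    """Behavior categories seen anywhere in the JAR."""
    return {cat for hits in report.values() for cat, found in hits.items() if found}


def build_class(utf8_entries):
    """Constructed test data: a minimal class file whose constant pool holds
    only the given Utf8 entries. It parses but is not a loadable class."""
    pool = b"".join(b"\x01" + struct.pack(">H", len(s.encode())) + s.encode()
                    for s in utf8_entries)
    header = b"\xca\xfe\xba\xbe" + struct.pack(">HH", 0, 50)   # version 50 = Java 6
    return header + struct.pack(">H", len(utf8_entries) + 1) + pool + b"\x00" * 14


def build_sample_jar():
    """Constructed sample JAR: a dropper-like class next to a benign one."""
    blob = base64.b64encode(hashlib.sha256(b"stage1").digest()
                            + hashlib.sha256(b"stage2").digest()).decode()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("a/Loader.class", build_class([
            "java/lang/reflect/Method", "getDeclaredMethod", "setAccessible", "invoke",
            "java/net/URL", "openStream", "java/io/FileOutputStream",
            "http://example.invalid/update/svc.exe", blob]))
        jar.writestr("a/Hello.class", build_class([
            "java/lang/String", "java/io/PrintStream", "println", "Hello, world"]))
    return buf.getvalue()


if __name__ == "__main__":
    rep = triage_jar(build_sample_jar())
    for cls, hits in rep.items():
        print(cls, {k: v for k, v in hits.items() if v})
    print("verdict:", sorted(jar_verdict(rep)))
```

Run against a real sample, `triage_jar(open("sample.jar", "rb").read())` gives a per-class breakdown; a JAR that lights up all three categories matches the profile the report describes, while a single reflection hit on its own is common in legitimate frameworks and should not be treated as malicious by itself.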
Fiesta EK “has proven itself a formidable weapon, able to simultaneously launch multiple exploits for multiple malware infections,” the report noted. Its operators often rely on “pools of compromised websites” to redirect victims to the EK landing pages.