Popularized Java Blackhole Exploit Kit Attacks Found to Push Urausy and Reveton Ransomware
Security researchers have uncovered a Java Runtime Environment vulnerability being used in automated mass malware infections driven by exploit kits. Oracle, the technology conglomerate specializing in marketing enterprise systems and software products including the Java platform, disclosed a particular Java Runtime vulnerability back in October. This Java flaw, CVE-2012-5076, is now at the forefront of Blackhole, the most widely used exploit kit, and other emerging threats.
The exploit kit dubbed "sibhost" was found by researchers to push the popularized Urausy and Reveton Ransomware threats. Many other exploit kits have adopted this particular flaw, including Sweet Orange, Cool, and Nuclear, to name a few. The flaw was given the highest severity rating last month by Oracle. According to analysis performed by Microsoft's malware researcher Jeong Wook (Matt), it was confirmed that newer variations only affect unpatched Java 7 versions, but most malware utilizing the vulnerability contains exploits for Java 6 as well.
Remote Access Tools (RATs) from China were the initial orchestrators of attacks on the Java Zero Day CVE-2012-4681 vulnerability. After its release and discovery, it took Oracle only 4 days to patch this flaw once security vendors confirmed several attacks associated with it. We can only hope things pan out as well while the experts work on a solution to the current Java exploitation.
Probably the most concerning part of the recent discovery of the Blackhole exploit kit and its copy-cat cronies attacking Java 7 is that researchers expect a big influx of exploit kits using this latest Java flaw. To add insult to injury, the idea of exploit kits delivering vicious ransomware threats could send the exploitations into virtual overdrive when it is considered how rampant ransomware threats are.
Ransomware threats, known for deceptive pop-up messages that mimic local law enforcement agencies and claim detection of illegal actions, all the while asking for a fine to be paid, are bad enough by themselves. Usually these types of threats cause infected systems to lock up or prevent normal usage. The idea of Java-bashing exploit kits flooding systems with ransomware only makes matters worse.
A serious pandemic could be on the horizon, with popularized ransomware threats assisting in the spread of Java exploits. Computer users and security researchers should ultimately prepare themselves for an inflow of exploits abusing this vulnerability. As the Blackhole exploit kit broadens its reach, we will certainly see other kits emerge that look for vulnerable installations of Java 7.