Unpatched Java vulnerability exploited in Blackhole-based attacks
Attacks targeting an unpatched vulnerability in the latest versions of Java 7 have become widespread after an exploit for the new flaw was integrated into the popular Blackhole attack toolkit, according to security researchers from antivirus vendor Kaspersky Lab.
"The first victim regions to be hit with the Blackhole stuff were the U.S., the Russian Federation, Belarus, Germany, the Ukraine and Moldova," Kaspersky senior security researcher Kurt Baumgartner said Tuesday in a blog post.
Blackhole is one of the most popular of the commercial exploit toolkits that cybercriminals use to automatically infect computers with malware when their owners visit malicious or compromised websites. Blackhole is sold on the underground market and comes packed with a variety of exploits for known vulnerabilities in browser plug-ins such as Java, Adobe Reader and Flash Player.