Java remains the application of choice for criminals and security professionals remain concerned.
A Java exploit first published in October and used in drive-by attacks is now into the Black Hole exploit kit, aimed primarily at “users in Russia, the U.S., the UK and Germany,” said Vyacheslav Zakorzhevsky, a security expert with Kaspersky Lab.
“Java is probably the vector most commonly exploited by cybercriminals,” said SophosLabs security expert Paul Baccas, “and we don’t see any sign of this situation changing anytime soon. The Black Hole exploit pack is the most commonly used malicious software installer that SophosLabs have been seeing in the last three months.”
Java is ubiquitous; there are more than 13 thousand million devices running Java, Oracle said. Criminals are turning to Java because they are businessmen – they tend to perform cost-benefit analyses.
“Having so many devices using the same software is a great opportunity,” said Luis Corrons, technical director at Panda Labs. “That’s why cybercriminals have targeted Windows for so many years.” But since Microsoft started to build a more secure operating system, criminals have had to look elsewhere to get a good return. “The main condition is that it has to be widespread, such as PDF, Flash, and browsers. That’s the case with Java; it is widespread and it is really convenient for everyone, both users and cybercriminals,” Corrons said.
If Oracle cannot fix it, it falls on the user to take more care. It is worth noting that according to Microsoft research, the use of an exploit peaks a full two months after the software patch is offered. Zealous patching is a great part of the solution.
“Once again we see that malware writers are forging ahead and are continually improving their creations,” Zakorzhevsky said. “It is, therefore, critical that all users install Java updates from Oracle in a timely manner.”