An exploit for one of the just-patched Java vulnerabilities is now a part of the Blackhole exploit kit, researchers said.
Researchers discovered the exploit through the analysis of the latest PayPal-themed spam run that leads to a page hosting the exploit kit, said officials at security company Trend Micro.
Users receive a “Receipt for your PayPal payment to…” email that urges them to verify the details of the payment order by clicking on a link included in the message.
Through a series of redirections, they first go to a page booby-trapped with the Blackhole exploit kit, and then to a “Canadian Pharmacy” type of web page.
Blackhole developers are smart, and when they find a hole in anything they will exploit it, whether it is in Adobe Reader, Flash Player, or Java.
In this case, the payload is a Trojan that attempts to steal stored account information used in a number of FTP clients or file manager software; email credentials from email clients; and user names, passwords, and hostnames stored in browsers. It also tries to access password-protected locations by trying out a hardcoded list of username/password combinations.