Earlier today we blogged about a new Java zero-day vulnerability (CVE-2012-4681) being used in a small number of attacks. That's about to change as exploit code for the Java vulnerability has been added to the most prevalent exploit kit out there; Blackhole.
Here's a snippet of the updated Blackhole code:
The Pre.jar file (VirusTotal link) will use the new vulnerability to install the malware (VirusTotal link) itself. In this particular attack it was a banking trojan as can be seen from our ThreatScope report. Websense customers using our Advanced Classification Engine (ACE) were proactively protected against the updated Blackhole kit by our real-time analytics.
Technically the new vulnerability is actually two separate vulnerabilities. A technical analysis of these two vulnerabilities is available at the blog Immunity Products in this post.