Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

New Java 0-day added to Blackhole Exploit Kit


Posted: 29 Aug 2012 12:44 AM | Patrik Runald | 2 comment(s)

Earlier today we blogged about a new Java zero-day vulnerability (CVE-2012-4681) being used in a small number of attacks. That's about to change, as exploit code for the Java vulnerability has been added to the most prevalent exploit kit out there: Blackhole.


Here's a snippet of the updated Blackhole code:



The Pre.jar file (VirusTotal link) will use the new vulnerability to install the malware (VirusTotal link) itself. In this particular attack it was a banking trojan, as can be seen from our ThreatScope report. Websense customers using our Advanced Classification Engine (ACE) were proactively protected against the updated Blackhole kit by our real-time analytics.



Technically, the new vulnerability is actually two separate vulnerabilities. A technical analysis of these two vulnerabilities is available on the Immunity Products blog in this post.


JTK said on Tuesday, September 4, 2012 5:22 AM

Is there a way to block all Java sites and then just white-list with the Websense Web Security software?

Patrik Runald said on Wednesday, September 26, 2012 2:30 PM

Unfortunately no, there's no easy way to do this.
