IC3: Blackhole Exploit Kit 1.2.3 Released

Thursday, April 26, 2012

Headlines

69dafe8b58066478aea48f3d0f384820

Blackhole is currently the most widely purchased exploit pack in the underground market.

An exploit pack is a software toolkit that is injected into malicious and/or compromised websites, allowing the attacker to push a variety of exploits targeting vulnerabilities of popular applications like Java and Flash.

On March 25, 2012, the Blackhole Exploit Kit 1.2.3 was released. This kit included the latest critical vulnerability in Java, allowing the bypassing of Java's sandbox environment.

Java's sandbox is designed to provide security for downloading and running Java applications, while preventing them access to the hard drive or network. New malware samples appearing in the wild have been highly successful at exploiting this flaw.

It is estimated at least 60% of Java users have not yet patched against this latest flaw, CVE-2012-0507.The table below illustrates the number of vulnerabilities loaded by type and the overall percentage:

IC3 Blackhole Exploits

Source:  http://www.ic3.gov/media/2012/120420.aspx

Possibly Related Articles:
13773
Network->General
Java malware Application Security Exploits Headlines IC3 hackers Critical Patch Updates Blackhole Exploit Flash Player
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.