Java the Target of Choice for Exploit Kits in 2011
01 Aug 2011
Exploiting vulnerabilities in operating systems and programs is currently one of the most popular weapons in the cybercriminals’ arsenal. To increase the likelihood of infection, malware writers create and sell exploit kits – packages of malicious programs that simultaneously target several vulnerable points in the system. Over time, exploits for new vulnerabilities are added to existing kits, which allows cybercriminals to exploit loopholes detected at different times on unpatched machines while saving on resources. The kits sell on the black market for anything from several hundred dollars to over a thousand.
Kaspersky Lab expert Vicente Diaz states that active use of Java vulnerabilities has become the new trend on the exploit market. 40% of all new exploits used by the top five kits in 2010 targeted Java. Last year saw Java vulnerabilities become the third most popular target for these kits, surpassed only by Internet Explorer and Adobe Reader. According to the Microsoft Malware Protection Center, 2010 broke all records in terms of attempts to exploit Java vulnerabilities.
In the first half of 2011 this trend continued. Almost half of the malicious programs in two of the leading kits so far this year – BlackHole and Incognito – are exploits for Java. The platform is so popular with exploit authors because it offers the easiest way to bypass operating system security.
“Cybercriminals are showing once again how much they care about their return on investment and go just as far as they need to to stay one step ahead of protection mechanisms. In this case, another well-known claim can be applied: security is only as strong as the weakest link – Java is the weakest link in this case,” summarizes Vicente Diaz, Senior Malware Analyst, Spain, Global Research & Analysis Team, Kaspersky Lab.
For more information on the growing popularity of Java exploits, view Vicente Diaz’s article ‘Exploit kits attack vector – mid-year update’ at www.securelist.com.