Exploit Toolkit Infects One in Ten Users via Outdated Java

[Peaches]

If you haven't the most recent version of Java, download it & instal and be sure to get any updates as well.

Exploit Toolkit Infects One in Ten Users via Outdated Java

While analyzing a live drive-by download attack, researchers from M86 Security found that one in ten users visiting the compromised pages were being infected because they had an outdated version of Java installed. The exploit toolkits used in drive-by download attacks target known arbitrary code execution vulnerabilities in older version of popular applications, like Adobe Flash Player, Adobe Reader, Java or even the browsers themselves.

Successful exploitation results in malware being installed on the visitor's system in a way that is transparent to them. There are various exploit toolkits on the underground market, some more popular than others and targeting a different number of vulnerabilities.The exploit pack used in this attack is called Zombie Infection Kit and is neither the most popular, nor the most sophisticated.

The toolkit exploits two Java vulnerabilities, four Adobe Reader ones (via a single PDF document), the Windows XP Help Center (HCP) flaw discovered earlier this year, an old one in IE6 and two in Adobe Flash Player. According to its control panel, the two Java vulnerabilities accounted for a bit over 60% of all successful infections. This is consistent with numbers seen in other exploit toolkits.

Further details here: http://news.softpedia.com/news/Exploit-Toolkit-Infects-One-in-Ten-Users-via-Outdated-Java-161579.shtml