A new security hole in Oracle's Java software is making the rounds on the web and being added to commercial crimeware kits, security analysts warn.
IT security blogger and analyst Brian Krebs said the maintainer of the Blackhole browser attack kit, "Paunch", yesterday announced on Underweb forums that the zero-day Java exploit had been added to his crimeware product.
The vendor of the competing crimeware Nuclear Pack shortly afterwards announced that the exploit had been added to that product as well, according to Krebs.
According to Kafeine, who is behind the Malware don't need Coffee blog and who first reported the flaw, the zero-day exploit is out in the wild and being used "massively" currently.
Copyright © iTnews.com.au . All rights reserved.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.