NEWS FROM THE LAB - Tuesday, August 28, 2012

Blackhole: Faster Than the Speed of Patch

Posted by Karmina @ 16:10 GMT

And before Oracle can release a patch for the new Java zero-day exploit that we wrote about earlier today, Blackhole waltzes onto the scene with an update of its own. Exploit kit users can now avail themselves of the latest Blackhole, which includes the new CVE-2012-4681 exploit.

We wonder if this will actually spike Blackhole sales.

The authors seem to be in such a hurry that they can't think of new names anymore:

[Screenshots: Blackhole code]

With no patch available against this yet, the only solution is to totally disable Java. Since this is the most successful exploit kit + zero-day… qué horror. Please, for the love of your computer, disable Java in your browser.

The JAR is detected as Exploit:W32/CVE-2012-4681.A (SHA1: 15fde2d50fc5436aa73f3fd6b065f490259a30fd).

Post by — Karmina and @TimoHirvonen