Java exploits are notoriously successful when bundled into commercial exploit packs, software kits that can turn a hacked Web site into a virtual minefield for Web users who aren't keeping up to date with the latest security patches, said security researcher Brian Krebs in a blog post.
"Users would need only to browse to a booby-trapped site with a version of Mozilla Firefox or Internet Explorer that is running anything older than the latest Java package, and the site could silently install malware (according to a miscreant selling access to the exploit, it does not run reliably against Google Chrome for some reason)," he said.
Krebs said the BlackHole exploit kit makes it possible to exploit the vulnerability. He said the hacker behind the exploit kit is rolling it out for free to existing license holders, but is charging $4,000 to everyone else. With the continued security of Java in the spotlight, Krebs is urging people who don't need Java to junk it.
"For those who need Java for the occasional site or service, disconnecting it from the browser plugins and temporarily reconnecting when needed is one way to minimize issues with this powerful program," he said. "Leaving the Java plugin installed in a secondary browser that is only used for sites or services that require Java is another alternative."