Russia-based computer security company Kaspersky Lab has said that exploiting vulnerabilities in operating systems and programs, with active use of Java vulnerabilities, is currently one of the most popular weapons in the cybercriminals’ arsenal.
To increase the risk of infection, malware writers create and sell exploit kits, said Kaspersky.
Exploit kits are packages of malicious programs simultaneously target several vulnerable points in the system.
The kits sell on the black market for anything from several hundred dollars to over a thousand.
Over the course of time, exploits for new vulnerabilities are added to already existing kits which allows cybercriminals to utilise loopholes detected at different times on unpatched machines as well as save on resources, said Kaspersky.
Kaspersky Lab, Spain, Global Research & Analysis Team Senior Malware Analyst Vicente Diaz said that active use of Java vulnerabilities has become the new trend on the exploit market.
Kaspersky said that 40% of all new exploits used by the top five kits in 2010 targeted Java. Last year saw Java vulnerabilities become the third most popular target for these kits, surpassed only by Internet Explorer and Adobe Reader.
According to Microsoft Malware Protection Center, 2010 broke all records in terms of attempts to exploit Java vulnerabilities.
In the first half of 2011 the trend continued and almost half of the malicious programs in two of the leading kits so far this year – BlackHole and Incoginto – are exploits for Java.
The platform is so popular with the exploit authors because it is the easiest way to bypass operating system security, said Kaspersky.
Diaz said, "Cybercriminals are showing once again how much they care about their return on investment and go just as far as they need to to stay one step ahead of protection mechanisms."
"In this case, another well known claim can be applied: security is only as strong as the weakest link – Java is the weakest link in this case," added Diaz.
