FireEye researchers are warning of attacks exploiting a zero day flaw in the latest version of Java.
"The targeted attacks that are being launched right now are using an exploit from a site hosted in China, which is still up and running," writes Threatpost's Dennis Fisher. "Once the exploit fires, the attack will install a dropper on the compromised PC called Dropper.MsPMs, which will then call out to another IP address on the same domain as the one serving the exploit."
"The number of these attacks has been relatively low, but it is likely to increase due to the fact that this is a fast and reliable exploit that can be used in drive-by attacks and all kinds of links in emails," write DeepEnd Research's Andre' M. DiMino and Mila Parkour.
"The malware installed in the attacks seen so far appears to be a variant of Poison Ivy, Jaime Blasco, a researcher with security firm AlienVault, said Monday in a blog post. Poison Ivy is a so-called remote administration Trojan program that has been used in many cyberespionage campaigns in the past," writes Computerworld's Lucian Constantin.
"Also, there are indications that this exploit will soon be rolled into the BlackHole exploit kit," writes Krebs on Security's Brian Krebs. "Contacted via instant message, the curator of the widely-used commercial attack tool confirmed that the now-public exploit code worked nicely, and said he planned to incorporate it into BlackHole as early as today. 'The price of such an exploit if it were sold privately would be about $100,000,' wrote Paunch, the nickname used by the BlackHole author."
"Oracle is yet to comment on the news, and to say whether it will break its scheduled quarterly patch cycle to issue a patch for the flaw," writes Help Net Security's Zeljka Zorz. "In the meantime, users are advised either to disable or remove Java for the time being -- or for good."