Java Zero-Day Vulnerability Rolled Into Exploit Packs 193
tsu doh nimh writes "The miscreants who maintain Blackhole and Nuclear Pack — competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they've added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java. The curator of Blackhole, a miscreant who uses the nickname 'Paunch,' announced yesterday on several Underweb forums that the Java zero-day was a 'New Year's Gift,' to customers who use his exploit kit. The exploit has since been verified to work on all Java 7 versions by AlienVault Labs. The news comes days after it was revealed that Paunch was reserving his best exploits for a more closely-held exploit pack called Cool Exploit Kit, a license for which costs $10,000 per month."
Re:Just remove Java and get it over with (Score:4, Funny)
But... but... Javascript is used all over the Web. You'd break almost everything if you uninstalled Java!
I see. Have you tried turning it off and on again?
Is it definitely plugged in?
Re:Just remove Java and get it over with (Score:5, Funny)
Customer: The 10 key? Do you mean F10?
Support: No. The 10 key is a black rocker on the back of the computer with a 1 and a 0. Pushing that will make your computer secure.
Re:Oh Java... (Score:2, Funny)
Don't forget 64-bit Firefox.
Or all the other 64-bit browsers.
Oh, I just realised he's running on that wacky Windows thing, where the OS is 64-bit but 99% of apps are still 32-bit.