Java Exploit Construction Kit

Websense put out a blog post late last year that shocked me and probably the rest of the security world about how many Java exploit attempts there were compared to PDF exploits. Based on reports I’ve read throughout the year, I had thought that PDF exploits were on the top of the charts. Boy was I wrong.

Turns out that hackers have created a kind of Java exploit construction kit to help make the generation process much easier and quicker to do. It’s now in the hands of script kiddies. No wonder there’s so many Java exploit attempts!

All you need to do is run the program, make your selections, and generate a folder with all the files you need to start exploiting computers. But it’s not a true drive-by download as it relies on social engineering.

When you launch the webpage, you are greeted by the following graphic:

And a second later, you get a Java digital signature warning. While it looks pretty authentic, it’s self-signed but it’s good enough to fool most people.

With Adobe’s release of Acrobat X, it’s now Oracle’s turn to get their act together.

Posted on: 01/11/2011