Blackhole is like most other malware and exploit packs, it spreads over iframe and it executes a downloaded payload. ESET Threat blog in this post, but now there is a brand new used vulnerability : CVE-2012-0507. CVE-2012-0507 is an interesting vulnerability found in the Java AtomicReferenceArray class implementation, which wasn’t checking properly whether the array was of an appropriate Object type. A malicious Java applet could use this flaw to bypass Java sandbox restrictions in order to execute malicious code outside of sandbox.
|This image has been resized. Click this bar to view the full image. The original image is sized 500x173px.|
The infection goes on following these steps: