Blackhole is like most other malware and exploit packs: it spreads via iframes and executes a downloaded payload. ESET Threat blog in this post, but now there is a brand-new vulnerability in use: CVE-2012-0507. CVE-2012-0507 is an interesting vulnerability found in the Java AtomicReferenceArray class implementation, which did not properly check whether the array was of the appropriate Object[] type. A malicious Java applet could use this flaw to bypass Java sandbox restrictions and execute malicious code outside the sandbox.
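The kind of type check whose absence is described above, shown as a defensive pattern in an added example (not code from the original post or from the JDK). The class name CheckedArrayHolder and its methods are hypothetical; the holder validates during deserialization that its backing array is exactly Object[] and copies any subtype array into a fresh Object[].

```java
import java.io.*;
import java.lang.reflect.Array;
import java.util.Arrays;

// Hypothetical class for illustration; not the JDK's AtomicReferenceArray.
public class CheckedArrayHolder implements Serializable {
    private static final long serialVersionUID = 1L;

    // Declared Object[], but by array covariance the runtime value may be
    // any subtype array (String[], SomeClass[], ...), also after deserialization.
    private Object[] array;

    public CheckedArrayHolder(Object[] array) { this.array = array; }

    public Class<?> arrayClass() { return array.getClass(); }

    // Validate the deserialized field instead of trusting defaultReadObject().
    private void readObject(ObjectInputStream in)
            throws IOException, ClassNotFoundException {
        Object a = in.readFields().get("array", null);
        // Rejects null, non-arrays and primitive arrays in one test.
        if (!(a instanceof Object[]))
            throw new InvalidObjectException("array field is not an Object[]");
        // Normalize subtype arrays so later element stores cannot be
        // confused about the real component type.
        if (a.getClass() != Object[].class)
            a = Arrays.copyOf((Object[]) a, Array.getLength(a), Object[].class);
        array = (Object[]) a;
    }

    // Serialize and deserialize in memory so the example runs offline.
    static CheckedArrayHolder roundTrip(CheckedArrayHolder h) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(h);
        }
        try (ObjectInputStream in = new ObjectInputStream(
                new ByteArrayInputStream(buf.toByteArray()))) {
            return (CheckedArrayHolder) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a String[] is accepted where Object[] is declared.
        CheckedArrayHolder h = new CheckedArrayHolder(new String[] {"a", "b"});
        System.out.println("before: " + h.arrayClass());
        System.out.println("after:  " + roundTrip(h).arrayClass());
    }
}
```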
The infection proceeds through the following steps: