The infamous exploit packs Blackhole and Nuclear Pack now feature a new zero-day Java exploit targeting the Java vulnerability CVE-2013-0422. The latest version, Java 7 Update 10, is affected.

Malware spreading through drive-by-downloads often utilizes exploit packs, which are able to serve malware variants without any user interaction, as opposed to other techniques relying on social engineering.

While users of ESET security products are protected from this threat (we detect it as Java/Exploit.CVE-2013-0422), we do concur with the advice given by Brian Krebs to disable Java if not needed, so as to minimize the potential attack vectors used by malware.

Java 0-days are nothing new under the sun; a past example is mentioned in the blog post by Stephen Cobb. Java 7 Update 10, however, considerably simplifies the process of disabling Java in browsers, and we strongly advise users to keep their software updated to the latest versions.

Robert Lipovsky
Malware Researcher