Developers Blackhole and Nuclear Pack said that the exploit is a ‘New Year present’ for their clients.
Hackers who are the authors of such sets exploits as Blackhole and Nuclear Pack, claim that they had added a new exploit, an attacker previously unknown and is not currently vulnerability in Java.
Thus, on 9 January, the developer Blackhole – hacker disguised under the pseudonym ‘Paunch’ – said on several underground forums that a zero-day vulnerability in Java is a ‘New Year gift’ to those who use it with a set of exploits. Soon, similar reports were received from the developers and distributors of Nuclear Pack.
According to the two authors of malicious software, described their vulnerability exists in all versions of Java 7, including Java 7 Update 10.
It should be noted that the official comments on the matter from Oracle is not currently reported. At the same time, yesterday, January 10, experts in information security from the company Alienvault Labs confirmed that the exploit does work, even with all the latest updates.
View the Alienvault Labs report here .