2012-08-28 - Evolution

Java 0day (CVE-2012-4681) update available for Blackhole Exploit Kit owners



According to a post by Paunch, the Blackhole creator, the current Java 0-day (CVE-2012-4681) has been available to Blackhole owners since yesterday evening.

Paunch's post on Exploit.In about the Java 0-day
Original text of the notification:

ВНИМАНИЕ ВНИМАНИЕ !!!

Добавлен 0day Java эксплойт, стучите за обновками, пробив жжот...

конкуренты - подтягивайтесь )))


Google Translation:


ATTENTION!

Added 0day Java exploit to knock for new clothes, breaking is cool ...

competitors - Tightens)))


Spotted on the BH EK hiding behind 731 IPs on AS57999

(Here is a video of Reveton being dropped in its new Swedish clothes - go 1080HD. To see all known Reveton landings: https://www.botnets.fr/index.php/Reveton)

Jar file: 08fd3413aef2012f2b078fa07855e398

Updated: 0cbc25ade65bcd7a28dd8ac62ea20186
Right now, to get it: almost any IP from 146.185.238.0/24, 146.185.236.0/24 & 37.9.55.0/24, then get Pre.jar.

Edit: Now: Leh.jar - 496ed828bdc5643ff17cb084a212deaf (far larger and slightly more obfuscated)
(will stop keeping track here after this one)



Reading about this 0-day:
Blackhole: Faster than the speed of patch - Karmina - F-Secure Weblog - 2012-08-28
Java 7 Applet RCE 0day Gondvv CVE-2012-4681 Metasploit Demo - Eric Romang Blog - 2012-08-28
Java 0-Day Using Latest Dadong’s JS Obfuscator - Darryl - Kahu Security - 2012-08-27
Java 7 0-Day vulnerability information and mitigation. - Andre' M. DiMino and Mila Parkour - Deep End Research - 2012-08-27
New Java 0day - David Maynor - Errata Security - 2012-08-27

Recent posts on this blog about BH EK:
Update to Blackhole Exploit Kits: v1.2.5 2012-07-31
Inside Blackhole Exploits Kit v1.2.4 - Exploit Kit Control Panel 2012-07-22