A Java-focused exploit kit has been uncovered hitting the platform mere hours after Oracle and Apple released a patch update to fix two zero-day vulnerabilities.
Webroot reported detecting a new exploit kit it believes stems from a minor cyber criminal group selling for as little as $40 per day on Tuesday.
"Yesterday, a relatively unknown group of cybercriminals publicly announced the availability of a new web malware exploitation kit," wrote Webroot's Dancho Danchev
"What's so special about it is the fact that its current version is entirely based on Java exploits."
According to Webroot, access to the exploit kit is being offered to on a rental basis - exploit kit-as-a-service - hosted on severs owned by the criminals, which they claim to have tightly secured. It is being offered out at $40 for 24 hours use, $150 for a week and $450 for a month.
Webroot said the budget nature of the kit combined with the high levels of publicity around the Java platform's security issues has hampered the kit's success rate.
"Would this newly released exploit kit cause any widespread damage internationally? We doubt so, due to the fact that some of the most recent Java vulnerabilities received massive media coverage, prompting enterprises and end users to permanently disable it," wrote Danchev.
"The overall infection rate for the campaign was 9.5 percent, a pretty low one taking into consideration the fact that competing web malware exploitation kits tend to exploit a much more diversified set of client-side vulnerabilities, consequently, achieving higher exploitation rates."
Danchev said the majority of the infected machines are US-based systems running Windows NT 6.1 and Windows XP, with a small number also being detected on Mac OS X hosts.
The news comes during pandemic of Java based exploits. Oracle and Apple were forced to release out of cycle security patches following the discovery of two Java zero day vulnerabilities late on Monday.
Prior to the exploit kit's discovery security firm F-Secure warned that Java has become cyber criminals' current victim of choice in its 2012 H2 Threat Report in February.
New light-guiding nanoscale device can control and monitor a nanoparticle trapped in a laser beam with high sensitivity
Optical traps are scientific instruments in which a focused laser beam is used to exert an attractive or repulsive force on a microscopic object to hold it in place
Scientists estimate that the exoplanet has already lost up to 35 per cent of its mass over its lifetime
The observations were made using the Atacama Array in the Chilean desert
J1043+2408 was observed for more than 10 years, and its radio light curve exhibited a periodic signal repeating in about 563 days