A Java-focused exploit kit has been uncovered hitting the platform mere hours after Oracle and Apple released a patch update to fix two zero-day vulnerabilities.
Webroot reported detecting a new exploit kit it believes stems from a minor cyber criminal group selling for as little as $40 per day on Tuesday.
"Yesterday, a relatively unknown group of cybercriminals publicly announced the availability of a new web malware exploitation kit," wrote Webroot's Dancho Danchev
"What's so special about it is the fact that its current version is entirely based on Java exploits."
According to Webroot, access to the exploit kit is being offered to on a rental basis - exploit kit-as-a-service - hosted on severs owned by the criminals, which they claim to have tightly secured. It is being offered out at $40 for 24 hours use, $150 for a week and $450 for a month.
Webroot said the budget nature of the kit combined with the high levels of publicity around the Java platform's security issues has hampered the kit's success rate.
"Would this newly released exploit kit cause any widespread damage internationally? We doubt so, due to the fact that some of the most recent Java vulnerabilities received massive media coverage, prompting enterprises and end users to permanently disable it," wrote Danchev.
"The overall infection rate for the campaign was 9.5 percent, a pretty low one taking into consideration the fact that competing web malware exploitation kits tend to exploit a much more diversified set of client-side vulnerabilities, consequently, achieving higher exploitation rates."
Danchev said the majority of the infected machines are US-based systems running Windows NT 6.1 and Windows XP, with a small number also being detected on Mac OS X hosts.
The news comes during pandemic of Java based exploits. Oracle and Apple were forced to release out of cycle security patches following the discovery of two Java zero day vulnerabilities late on Monday.
Prior to the exploit kit's discovery security firm F-Secure warned that Java has become cyber criminals' current victim of choice in its 2012 H2 Threat Report in February.
IBM and Technical University of Munich team demonstrate how Shor's algorithm, which can't be cracked by conventional computers, can be solved quickly with quantum computing
Hubble Space Telescope finds superflares from young red dwarfs could strip away planetary atmosphere
Younger stars are 100 to 1,000 times more energetic than when they're older
Two of the big four supermarkets will use the system to control sales of restricted products
PUBG news and updates: November's Update #23 to bring new Skorpion pistol and changes to blue zone visibility
Genuinely useful side-arm coming to PUBG in Update #23