March 28, H Security – (International) Critical Java hole being exploited on a large scale. Criminals are increasingly exploiting a critical hole in the Java Runtime Environment to infect computers with malicious code when users visit a specially crafted Web page. According to a security blogger, the reason for this increased activity is that the arsenal of the BlackHole exploit kit has been extended to include a suitable exploit. The hole patched by Oracle in mid-February allows malicious code to breach the Java sandbox and permanently anchor itself in a system. Varying types of malware are injected; for example, it is believed the hole is exploited to deploy the Zeus trojan. According to an analysis by Microsoft, the dropper is distributed across two Java classes. The first class exploits the vulnerability to elevate its privileges when processing arrays, and then executes a loader class that will download and install the payload. Users can protect themselves by installing or updating to one of the current Java releases: Java SE 6 Update 31 or version 7 Update 3.