TweakTown
Tech content trusted by users in North America and around the world
5,920 Reviews & Articles | 38,140 News Posts

New zero-day Java exploit shows up online, for sale in online forum for $5k

Another Java zero-day exploit hits the web, being sold to two people for $5k a piece

| Hacking & Security News | Posted: Jan 16, 2013 11:38 pm

Java seems to be one of the most exploited pieces of software running on a computer. Unfortunately, most computers are running Java for websites and other interactive features online. Just earlier this week, Oracle had to rush out a patch for Java that secured up a critical bug that allowed hackers to run code on a victim's machine.

 

TweakTown image news/2/7/27913_1_new_zero_day_java_exploit_shows_up_online_for_sale_in_online_forum_for_5k.jpg

 

An administrator for an exclusive cybercrime forum posted up Monday an offering for a new zero-day exploit that has yet to be patched by Oracle. It also has yet to be rolled into one of the exploit kits, some of which rent for upwards of $10,000 a month. The starting price for the exploit? $5,000.

 

New Java 0day, selling to 2 people, 5k$ per person

 

And you thought Java had epically failed when the last 0day came out. I lol'd. The best part is even-though java has failed once again and let users get compromised... guess what? I think you know what I'm going to say... there is yet another vulnerability in the latest version of java 7. I will not go into any details except with seriously interested buyers.

 

Code will be sold twice (it has been sold once already). It is not present in any known exploit pack including that very private version of [Blackhole] going for 10$k/month. I will accepting counter bids if you wish to outbid the competition. What you get? Unencrypted source files to the exploit (so you can have recrypted as necessary, I would warn you to be cautious who you allow to encrypt... they might try to steal a copy) Encrypted, weaponized version, simply modify the url in the php page that calls up the jar to your own executable url and you are set. You may pm me.

 

The exploit hasn't been verified to exist, though it's doubted that an admin of a site would try to scam users out of $5,000. If you don't want to or can't risk getting compromised, you should disable Java.

NEWS SOURCE
Techspot.com

Related Tags

Further Reading: Read and find more Hacking & Security news at our Hacking & Security news index page.

Do you get our news RSS feed? Get It!

Post a Comment about this news

Latest Tech News Posts

View More News Posts

TweakTown Web Poll

Question: Facebook's acquisition of Oculus VR will...

Improve Oculus Rift Development

Hamper Oculus Rift Development

Completely destroy Oculus Rift Development

Let's wait and see, I'm not sure

or View the Results

View More Polls

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases