Less than a week after Oracle Corp. released a patch for a Java remote code execution vulnerability, the flaw was targeted by cybercriminals infecting unprotected computers with ransomware, according to security researchers.
F-Secure said attacks on the vulnerability started on April 21, a day after the exploit for the flaw was added to Metasploit. Although Metasploit is an open-source tool used by penetration testers it is not uncommon for cybercriminals to adapt Metasploit modules for use in malware toolkits.
In its original advisory, Oracle rated the flaw’s impact at 4.3 in a scale of 10 using the Common Vulnerability Scoring Systems. Oracle said the vulnerability can only be exploited through untrusted Java Web Start applications and untrusted Java applets.
A blog post on the site Malwaredontneedcoffee.com said that CVE-2013-2423 was added into the Web attack tool kit Cool Exploit Kit which is used to install a malware called Reveton.
Reveton is a ransomware used by cybercriminals to extort money from victims. The malware locks down the operating system of an infected machine, warns victims that they had downloaded illegal files and demands that victims pay a fine.
Oracle said users should upgrade to the latest Java 7 version, Update 21, as soon as they can.