Blackhole, CVE-2012-0507 and Carberp

Revision as of 15:24, 7 February 2015 by Eric.freyssinet (talk | contribs) (1 revision imported)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

(Publication) Google search: [1]

Blackhole, CVE-2012-0507 and Carberp
Botnet Carberp
Botnet/malware group
Exploit kits Blackhole
Distribution vector
Operation/Working group
Date 2012 / 30 mars 2012
Editor/Conference ESET
Link ( Archive copy)
Author David Harley, Aleksandr Matrosov


This week Blackhole has been updated to version 1.2.3 and includes a new exploit for the Java CVE-2012-0507 vulnerability, which ESET calls Java/Exploit.CVE-2012-0507. Earlier this week information was published about the Blackhole update by French malware researcher Xylitol and last week Microsoft shared information about an interesting way of breaching the JRE (Java Runtime Environment) sandbox.

The first information about a working exploit for CVE-2012-0507 was released by the company Immunity with reference to the 7.03.2012 product update of Immunity CANVAS Modules. The first In-the-Wild detections were recognized during the week beginning on March 12, 2012. The CVE-2012-0507 vulnerability was remediated on February 15 as part of a critical patch update advisory. Today a public module for Metasploit Framework was released, working on a range of platforms: Windows, Linux, Solaris and OSX. The Metasploit module for exploitation of CVE-2012-0507 looks the same as the exploit version seen in the updated Blackhole version.


 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR966,
   editor = {ESET},
   author = {David Harley, Aleksandr Matrosov},
   title = {Blackhole, CVE-2012-0507 and Carberp},
   date = {31},
   month = Mar,
   year = {2012},
   howpublished = {\url{}},