More than two-thousand weblinks direct users to domains that can inject malicious code by way of a Java downloader applet.
The tactic uses an OpenConnection-type downloader exploit used in website doorways and landing pages, and use of the method has increased dramatically over the last several months.
“The Top 20 malicious programs detected on the Internet in November included a total of nine exploits, three redirects and one script downloader that were used for carrying out drive-by downloads,” notes Vyacheslav Zakorzhevsky, a researcher at Kaspersky Lab.
Java-based exploits are common and extremely successful because of the script's cross-platform utilization.
The infection methodology is commonly referred to as a "drive-by" infection, which exploit vulnerabilities in legitimate websites.
They typically use an IFrame to inject a redirect scrip from another domain, which results in the execution of malicious files to the targeted system.
The Java downloader applet injection differs from the iFrame script exploits in that they rely on the Java OpenConnection to infect the target computer.
Java exploits are proving to be a major vehicle for the delivery of malware, and the problem only seems to be getting worse.