At the Black Hat USA 2012 security conference, researchers warned that attackers are increasingly exploiting vulnerabilities in Java. “Overall we have seen the amount of Java malware increasing over time, based on our telemetry,” said researcher Jeong Wook Oh from the Microsoft Malware Protection Center.
The security pros believe criminals are targeting Java because they have a high success rate–up to 80 percent in some cases. They say Oracle needs to do more to secure Java technology. “Any 3rd party software with a large user base can be a possible target in the future,” Oh said. “But as long as you don’t put any efforts to make your software more secure and your software has a large user base, there is no reason for the bad guys to stop abusing the vulnerabilities found in your software. It is especially true when the bad guys can have high success rate with those vulnerabilities.”