Whilst working on our normal data pull and analysis for the Microsoft Security Intelligence Report (v9 - released last week
), I embarked on a mini discovery mission on the exploit data that MMPC detects with our antimalware technology. Although the main focus of antimalware software is on traditional malware families, antimalware technologies can do a good job when it comes to file exploits that require a lot of parsing, such as exploit-laden movies, documents, and ... Java.
What I discovered was that some of our exploit "malware" families were telling a scary story - an unprecedented wave of Java exploitation. In fact, by the beginning of this year, the number of Java exploits (and by that I mean attacks on vulnerable Java code, not