Whilst working on our normal data pull and analysis for the Microsoft Security Intelligence Report (
v9 - released last week), I embarked on a mini discovery mission on the exploit data that MMPC detects with our antimalware technology. Although the main focus of antimalware software is on traditional malware families, antimalware technologies can do a good job when it comes to file exploits that require a lot of parsing, such as exploit-laden movies, documents, and ... Java.
What I discovered was that some of our exploit "malware" families were telling a scary story - an unprecedented wave of Java exploitation. In fact, by the beginning of this year, the number of Java exploits (and by that I mean attacks on vulnerable Java code,
not attacks using JavaScript) had well surpassed the total number of Adobe-related exploits we monitored. See chart below for details:
