The Black Hole exploit kit and the Carberp Trojan have a lovely, symbiotic relationship and they've recently decided to take that relationship to the next level. In the last month, there has a been a major spike in the volume of Carberp infections related to attacks from sites hosting Black Hole, mostly exploiting Java vulnerabilities.

Much of the jump in activity has occurred in Russia, and the attackers are targeting online payment systems primarily. However, the rise in Carberp infections isn't limited to Russia. In fact, researchers at Eset found that in November, infections by the Trojan tripled overall from the month before. Attackers are using sites that have previously been infected with Black Hole as launching points for drive-by download attacks against visitors and install Carberp after the exploit attempt succeeds.

"Based on the statistics obtained from one of the nodes hosting an active Black Hole exploit pack, the most frequently exploited vulnerabilities leading to system infection with malware are found in Java software," Eset's David Harley wrote in an analysis of the ongoing attacks. "In the last year Java has outpaced last year’s 'leaders' in exploitable application formats such as PDF and SWF (Adobe Flash file format), which are now more or less equal in second place. The vulnerabilities in Java are easier and more consistently exploitable than those in PDF and SWF. The code required for a working exploit is fairly small, and may be only a page in length. The exploited vulnerabilities aren’t really new: some of them are more than a year old."