Both PCs were then set to visit a hundred randomly selected websites that were known to host malware such as the Blackholeexploitkit, as well as Flash, Java and PDF exploits, redirects or download link to malware, and other malicious content.
Both exploits take advantage of the Blackholeexploitkit, an off-the-shelf hacking tool that was updated last month to prey on the Java vulnerability, such that users who run the Java plug-in can have their PC entirely compromised via their browser when they visit an infected site.
Before its Thursday patch, an exploit that took advantage of the Java security flaws had been included in the widely used Blackhole cybercriminal software kit as well as the Metasploit penetration testing toolset.