This enormous jump is, according to Stewart, due to the fact that three particular vulnerabilities are being constantly exploited. Brian Krebs offers his own explanation: Java exploits have been incorporated into a number of popular exploit packs (Eleonore, Crimepack, SEO Sploit Pack, Blackhole).
These vulnerabilities have been patched for a while, but the problem is that users fail to update Java on their system. "Java is ubiquitous, and, as was once true with browsers and document readers like Adobe Acrobat, people don't think to update it. On top of that, Java is a technology that runs in the background to make more visible components work. How do you know if you have Java installed or if it's running?" says Stewart.
Given that Oracle has recently issued a Java security update that patches nearly 30 vulnerabilities, this would be a good time for all users to update the program or check for its existence on their systems and then update it. And while they're at it, they could configure the built-in updater to check for new versions every week.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.