The writers of this flavor of g01pack appear to be behind the times, noted Rapid 7 Chief Security Officer HD Moore. "The fact that this exploit works at all is a testament to how bad the AV industry is," he told CSO.
The second stage of the g01pack exploit isn't as elegant as new exploits that compromise the Java sandbox, he continued. "If you do the sandbox escape in Java, you can do in-memory execution of anything you want," he said. "You don't have to write a file to disk anywhere."
"Their techniques are pretty primitive compared to what's already out there," Moore said.
It's also surprising to see them attacking an exploit closed six months ago in a version of Java in only about 40 percent of the installed base and dropping, he said. "It seems like an inefficient use of their time."
Sign up for MIS Asia eNewsletters.