While doing some stats & trends on our data, I noticed that there has been a steady rise in the number of malicious Java Archive (JAR) files that we are blocking (pulling data from both within our logs and denylists). While malicious JAR files remain a relatively small threat volume for our users (<100 incidents a month), roughly speaking there has been about a 300% increase in malicious JAR files per month observed from January 2010 to present. While our data is a small subset of the Internet as a whole, from the increases that I am seeing in our logs and the increased chatter on malicious JARs within security mailing lists, I believe it is safe to say that there has been an overall increase in malicious JARs on the Internet. There are a number of reasons supporting this increase, including:
Trojan executables, malicious PDFs, and browser exploits are much more prevalent than exploits against Java/JRE - but it will be interesting to continue to monitor this trend.