Red October relied on Java exploit to infect PCs

Attackers behind a massive espionage malware campaign that went undetected for five years relied in part on a vulnerability in the widely deployed Java software framework to ensnare their victims, a security researcher said.

The website exploited a critical Java vulnerability identified as CVE-2011-3544, allowing the attackers to surreptitiously execute malicious code on visitors' computers.