Less legitimate toolkits were not far behind, with the popular Blackhole exploit kit adding a rougher version of the attack to allow spammers and fraudsters to compromise vulnerable systems.
"The division of labor and specialization in malware production has enabled crimeware creators and distributors to react very quickly to these vulnerabilities," says ESET's Cobb. "I think at this point it is safe to say that [the criminals are] going to be focused on Java until Java is all sealed up or not used anymore. It is particularly open to attacks."
While Oracle released a patch on Thursday, the incident is still not over. Many companies delay patching until they can test the update for compatibility with their particular environment. In its Laws of Vulnerability 2.0 report -- admittedly a bit dated now -- cloud security firm Qualys found that 40 percent of the Top 20 flaws lasted more than a year in corporate environments.
Among the software affected by those long-lasting flaws: Java.