TOKYO – Visitors to some of Japan’s most popular porn sites may be vulnerable to an Internet Explorer exploit that allows cyber-criminals to steal their banking credentials, a security firm warned.

Security researchers at anti-malware firm ESET have identified a strain of malware responsible for “drive-by” downloads at compromised websites including Sukuhabo.net, Uravidata.com, pppv.XXXurabi.com and MyWife.cc. Unless users have updated the Java engines on their computers, when they visit the compromised sites, they are redirected to a fake 404 error page that attempts to download and install Win32/Aibatook if a certain Java vulnerability is detected.

Disguised as a simple visitor counter on the page, Aibatook invades the end-user’s system, waits for the victim to visit an online banking or e-commerce site, and then presents the user with a faked login page that requests users re-enter their banking credentials because of a recent system upgrade. The stolen data is then forwarded to the cyber-criminals behind the scheme.

According to ESET, customers of more than 90 Japanese banks and secure online stores have been targeted.

ESET noted the Aibatook attack represents a perfect example of the importance of installing security patches as soon as they become available. Java developer Oracle distributed a patch for the Aibatook vulnerability in June 2013. A significant number of users never bothered to install the fix, according to ESET.

Java, one of the most commonly used software applications on the web, also is among the most frequently attacked weak spots in web browser architecture. Estimates place the percentage of all exploits that involve Java at an astounding 50 percent.