Malware masquerades as patch for Java
The malware, ironically, does not actually exploit the Java vulnerabilities, according to Trend Micro
IDG News Service - Trend Micro has spotted a piece of malicious software that masquerades as the latest patch for Java, a typically opportunistic move by hackers.
Oracle released two emergency patches on Sunday for its Java programming language and application platform, which is installed on millions of computers worldwide.
The latest version of Java is Update 11. Trend Micro wrote on its blog that it was alerted to a fake "Java Update 11" present on at least one website. If a user installs the bogus update, a malicious backdoor program is downloaded.
"Once executed, this backdoor connects to a remote server that enables a possible attacker to take control of the infected system," wrote Paul Pajares, a fraud analyst with Trend.
Hackers often disguise their malware as a legitimate software update in the hope of confusing IT staff. Interestingly in this case, the fake update doesn't actually exploit the vulnerabilities that Oracle patched on Sunday, Pajares wrote. The user is tricked into downloading a different piece of malware.
"The use of fake software updates is an old social engineering tactic," Pajares wrote. "This is not the first time that cybercriminals took advantage of software updates."
Pajares advised users to download updates only from Oracle's website. Trend Micro, along with other computer security firms and experts, are generally advising that users uninstall Java if it isn't needed, which helps eliminate exposure to the risks from software flaws.
Users can also opt to keep Java on their computer but disable it within the Web browser, which is how the latest vulnerabilities exposed users to attack.
The two vulnerabilities patched by Oracle on Sunday both could be exploited by a malicious "applet," a Java application that's downloaded from another server and runs if a user has Java installed. Applets are often embedded in Web pages and run in the browser.
Security reporter Brian Krebs wrote on Wednesday that a zero-day Java exploit for an apparently brand-new vulnerability was being advertised for US$5,000 in an underground hacking forum. The advertisement was posted for a short time, then disappeared, Krebs wrote.
Oracle officials did not respond to an email request for comment.
Send news tips and comments to firstname.lastname@example.org. Follow me on Twitter: @jeremy_kirk
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Do More With Less: How CARFAX Consolidated Their Security Solutions Through a consolidated F5 solution, CARFAX cut site downtime to zero, secures its data, and deployed a high-performance infrastructure to support its rapid...
- F5 Data Center Firewall Aces Performance Test F5's BIG-IP 10200v with Advanced Firewall Manager (AFM) can handle traffic at 80-Gbps rates while screening and protecting tens of millions of connections...
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Data Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!