Thursday, January 17, 2013

New malware disguised as update for Java zero-day patch

Researchers at Trend Micro are reporting malicious software, created by an unknown publisher, that is disguised as the latest update for Java.  On January 13, Oracle released Java 7 Update 11 to patch two security vulnerabilities that had attracted a lot of recent media attention.  The new malware poses as Java 7 Update 11, and if a user downloads and installs the fake update, a malicious program is installed.

According to TrendLabs Security Intelligence at Trend Micro, the fake Java update "is javaupdate11.jar (detected as JAVA_DLOADER.NTW), which contains javaupdate11.class that downloads and executes malicious files up1.exe and up2.exe (both detected as BKDR_ANDROM.NTW). Once executed, this backdoor connects to a remote server that enables a possible attacker to take control of the infected system."

Evidently, the fake Java update doesn't even take advantage of the vulnerabilities that the real Java patch fixes, but tricks the user into downloading a different piece of malware altogether.

Please be certain that you download and install Java only from Oracle's Java.com web site.  More information and a screenshot are found in the following Security Threat Center article.
