Microsoft warns users to be wary of fake Java updates

Cybercriminals set malware trap for users worried by Java zero-day exploits.

Malware on binary

Microsoft is warning users to be on the lookout for fake Java updates that will download malware onto their computers.

The cybercriminals behind the malware seem to be tapping into the current awareness of problems with Java, after several exploits were found in web browser versions of the plug-in.

"Cybercriminals often use fake virus alerts to lure you into buying fraudulent antivirus software," said Microsoft employee Eve Blakemore in a post on the company's blog.

Users must seriously consider their use of Java. Do they really need it?

"In the case of the fake Java updates, cybercriminals are taking advantage of news about security vulnerabilities in Java and recommendations to update Java immediately.

"We agree that if you use Java on your device you should update it directly from the Oracle website," Blakemore added.

The problem was first reported by anti-virus giant Trend Micro, which said it had been alerted to a piece of malware posing as Java Update 11.

Paul Pajares, fraud analyst at Java, said in a blog post: "The fake update in question is javaupdate11.jar (detected as JAVA_DLOADER.NTW), which contains javaupdate11.class that downloads and executes malicious files up1.exe and up2.exe.

"Once executed, this backdoor connects to a remote server that enables a possible attacker to take control of the infected system."

Trend Micro also observed JAVA_DLOADER try, unsuccessfully, to download a ransomware Trojan to the user's computer.

Pajares claims while the malware installed via the fake update does not exploit any java-related vulnerability, it is "clearly piggybacking on the Java zero-day incident and users' fears."

Pajares said users might be better off ditching Java completely.

"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it?" he said.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021
What is a botnet?
botnets

What is a botnet?

14 Jul 2021
Oracle updates MoU with UK's Crown Commercial Service
cloud computing

Oracle updates MoU with UK's Crown Commercial Service

9 Jun 2021
Trend Micro home network security flaws could let hackers take over PCs
Security

Trend Micro home network security flaws could let hackers take over PCs

26 May 2021

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
IT Pro Panel: Why IT leaders need soft skills
professional development

IT Pro Panel: Why IT leaders need soft skills

26 Jul 2021