January 18, 2013
Fake Java Fix Is Actually New Malware In Disguise
Michael Harper for redOrbit.com — Your Universe Online
It's a story that simply refuses to stop unfolding.
Oracle recently released a “fix”, Java 7 Update 11, for the Java security hole that has dominated headlines. Now TrendLabs says it has discovered malware disguised as that very update, so the people trying hardest to protect themselves are the ones being targeted.
Java has been blamed for numerous malware attacks, prompting security experts and the U.S. Department of Homeland Security to encourage all users to disable it on their machines. The most recent security flaw in Java had already been bundled into exploit kits, the packaged attack software cyber-criminals use to compromise machines that visit a booby-trapped web page. Oracle released a fix for this widely exploited flaw shortly after the Department of Homeland Security issued its alert about the dangers of Java. Less than 24 hours later, one hacker reportedly offered to sell a completely different exploit, this one against the freshly patched Java 7 Update 11, to anyone willing to pay $5,000 for it.
All of this has happened in the first 18 days of the new year.
Today's news is that anyone who downloads the “fix” for Java 7 Update 11 from anywhere other than Oracle's own website may be installing a trojan rather than a patch. Unlike the exploits above, this one needs no vulnerability at all: it relies on the user running what looks like an update.
“We were alerted to reports of malware that poses as Java Update 11 created by an unknown publisher,” writes Paul Pajares, fraud analyst for TrendLabs. “The said fake update in question is javaupdate11.jar (detected as JAVA_DLOADER.NTW), which contains javaupdate11.class that downloads and executes malicious files up1.exe and up2.exe (both detected as BKDR_ANDROM.NTW).”
According to Pajares, once this fake fix is run, the backdoor it downloads connects the machine to a remote server, which lets whoever runs that server take control of the infected machine. The backdoor has also been found to lock the user's screen and redirect the browser to specific sites in order to display notifications to the user of the infected machine.
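A quick offline triage of a file that claims to be a Java update, as an added example that is not part of the original report or of Trend Micro's tooling: it opens the jar as a zip, records whether any signature block is present, reads the manifest's Main-Class, then walks each class file's constant pool and flags the strings a downloader tends to carry (URLs, .exe names, references to java.net.URL and java.lang.Runtime). The sample jar, its single class and the placeholder URL host are constructed here for the demonstration; the real javaupdate11.jar is not embedded, and the sample class carries only a header and constant pool, which is all the triage reads. The first tell needs no parser at all: Oracle distributes Java updates as installers for each platform, not as a loose .jar the user is asked to run.

```python
import io
import re
import struct
import zipfile

# Byte width of each fixed-size constant-pool entry, keyed by tag (JVM spec, section 4.4).
# CONSTANT_Utf8 (tag 1) is variable-length and handled separately.
CP_FIXED_SIZES = {
    3: 4, 4: 4,              # Integer, Float
    5: 8, 6: 8,              # Long, Double (each occupies two pool slots)
    7: 2, 8: 2,              # Class, String
    9: 4, 10: 4, 11: 4,      # Fieldref, Methodref, InterfaceMethodref
    12: 4,                   # NameAndType
    15: 3, 16: 2, 17: 4,     # MethodHandle, MethodType, Dynamic
    18: 4, 19: 2, 20: 2,     # InvokeDynamic, Module, Package
}

# Strings a downloader/dropper class tends to carry in its constant pool.
INDICATORS = [
    (re.compile(r"https?://", re.I), "embedded URL"),
    (re.compile(r"\.exe\b", re.I), "Windows executable name"),
    (re.compile(r"java/lang/Runtime|java/lang/ProcessBuilder"), "process execution"),
    (re.compile(r"java/net/URL|java/net/HttpURLConnection"), "network download"),
    (re.compile(r"java/io/FileOutputStream"), "writes a file to disk"),
]


def class_utf8_strings(data):
    """Return every CONSTANT_Utf8 entry from a .class file's constant pool."""
    if data[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a Java class file")
    (count,) = struct.unpack(">H", data[8:10])   # constant_pool_count lives at offsets 8-9
    pos, index, strings = 10, 1, []
    while index < count:
        tag = data[pos]
        pos += 1
        if tag == 1:                              # u2 length followed by modified UTF-8 bytes
            (length,) = struct.unpack(">H", data[pos:pos + 2])
            strings.append(data[pos + 2:pos + 2 + length].decode("utf-8", "replace"))
            pos += 2 + length
        elif tag in CP_FIXED_SIZES:
            pos += CP_FIXED_SIZES[tag]
            if tag in (5, 6):                     # Long/Double consume two indices
                index += 1
        else:
            raise ValueError("unknown constant-pool tag %d at offset %d" % (tag, pos - 1))
        index += 1
    return strings


def triage_jar(jar_bytes):
    """Inspect a jar offline: signature files, manifest Main-Class, dropper-like strings."""
    report = {"signed": False, "main_class": None, "classes": [], "indicators": []}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for name in zf.namelist():
            upper = name.upper()
            if upper.startswith("META-INF/") and upper.endswith((".RSA", ".DSA", ".EC")):
                report["signed"] = True   # a signature block exists; says nothing about who signed
            elif upper == "META-INF/MANIFEST.MF":
                for line in zf.read(name).decode("utf-8", "replace").splitlines():
                    if line.startswith("Main-Class:"):
                        report["main_class"] = line.split(":", 1)[1].strip()
            elif name.endswith(".class"):
                report["classes"].append(name)
                for s in class_utf8_strings(zf.read(name)):
                    for pattern, label in INDICATORS:
                        if pattern.search(s):
                            report["indicators"].append((name, label, s))
    return report


def build_sample_jar():
    """Constructed sample (not the real javaupdate11.jar): one class whose constant pool
    looks like a downloader's. The URL host is a placeholder, not a real address."""
    def utf8(s):
        b = s.encode("utf-8")
        return b"\x01" + struct.pack(">H", len(b)) + b

    pool = [
        utf8("javaupdate11"),
        b"\x07" + struct.pack(">H", 1),               # CONSTANT_Class pointing at entry 1
        utf8("java/lang/Object"),
        utf8("http://update-host.invalid/up1.exe"),   # placeholder URL for the demo
        utf8("up2.exe"),
        utf8("java/net/URL"),
        utf8("java/lang/Runtime"),
        utf8("exec"),
    ]
    class_bytes = (b"\xca\xfe\xba\xbe" + struct.pack(">HH", 0, 51)   # minor 0, major 51 (Java 7)
                   + struct.pack(">H", len(pool) + 1) + b"".join(pool))

    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: javaupdate11\n")
        zf.writestr("javaupdate11.class", class_bytes)
    return buf.getvalue()


if __name__ == "__main__":
    report = triage_jar(build_sample_jar())
    print("signed:", report["signed"], " main class:", report["main_class"])
    for name, label, s in report["indicators"]:
        print("%s: %s (%r)" % (name, label, s))
```

Run it as-is to see the constructed sample flagged as an unsigned jar whose main class embeds a URL, two .exe names and references to java.net.URL and java.lang.Runtime. The signature check only tells you a signature block is present; to learn who signed a jar you still need to look at the certificate, for example with `jarsigner -verify -verbose -certs file.jar`, and a self-signed or unknown-publisher certificate on something calling itself a Java update is itself a red flag.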
This is clearly a case of criminals piggybacking on the recent publicity around Java exploits. Clever as it is, it mostly catches the same kind of user who is inclined to click on obviously suspicious links. The practical rule is simple: Java updates come only from Oracle's own site or from the updater built into the Java runtime, never from a link in an e-mail, forum post or pop-up. One quick tell for this particular fake is that Oracle ships its updates as installers for each platform, not as a loose .jar file that the user is asked to run by hand.
Java's recent time in the news has also raised the question of whether the software platform is needed at all. Java plays no significant role in most of today's web browsing. The people who need it probably know they need it and know which sites use it. For those users, it's recommended to run more than one browser, leaving Java enabled in only one of them and using that one carefully and sparingly, for the sites that require it.
For everyone else, it's best to disable Java in the browser altogether; since Java 7 Update 10 the Java Control Panel has had an “Enable Java content in the browser” checkbox that does exactly that without uninstalling Java. These users won't notice any difference in their browsing, but they will have one less thing to worry about when they surf the web.