We and pretty much the rest of IT world, have written about the Java zero-day exploit, about the fast patch that Oracle release to remove some of the market pressure and also about the fact that such a quick move can only mean that even more bugs were probably introduced, which might lead to other exploits.
Such a mass media frenzy couldn’t have get unnoticed and unused by the cybercriminals.
Now, we and other security companies are seeing malware that pretend to be a patch for the well-known Java zero-day exploit. The malware is pretending to be the Java 7 Update 11 which fixes the mentioned zero-day exploit.
This is how it must look like if Java is not installed on your computer or it is deactivated:
If you see a website that is displaying some kind of error that it can’t run something because Java is not installed, then don’t let yourself fooled and never install a software, let it be patch or not, from any other source than the producer’s website. In this particular case, visit this URL and download the installation kit from Oracle: http://java.com/en/download/index.jsp .
via Avira – TechBlog http://techblog.avira.com/2013/01/22/be-aware-of-fake-java-patches-for-the-zero-day-exploits/en/
© Copyright 2013 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity
Check www.mustaca.com for the IT Consulting services I offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie http://de.itsecuritynews.info für IT Sicherheits News auf Deutsch