
Beware: malware masquerading as Java patch

Opportunist hackers are capitalising on fears over Java vulnerabilities by spreading malware posing as patches for the under-fire computer platform.

Oracle has endured a torrid week over Java’s security, having already issued Update 11 to fix critical flaw CVE-2013-0422 – a threat deemed serious enough for the US Department of Homeland Security to recommend that users completely disable Java on their computers.

A separate vulnerability was then alluded to on a hacker forum, with one miscreant touting a ready-made exploit for $5,000, while weaknesses in the system are also said to have helped the Red October hackers develop their cyber-espionage network.

Now, Trend Micro researchers have been pointed towards malware that doesn’t exploit a flaw in Java itself, but masquerades as the aforementioned Java Update 11, in the hope that concerned users will download the 'fix' and thus infect their computers.

The new threat is “javaupdate11.jar” – detected as JAVA_DLOADER.NTW – “which contains javaupdate11.class that downloads and executes malicious files,” Trend Micro explains. “Once executed, this backdoor connects to a remote server that enables a possible attacker to take control of the infected system.”

The security firm emphasises that the malware “does not exploit CVE-2012-3174 or any Java-related vulnerability, the bad guys behind this threat are clearly piggybacking on the Java zero-day incident and users’ fears.”

Java users are consequently being advised to take care over where they download the latest update, which can be found on the Java downloads page.