Average Rating: Rate this article:

Phony Java Patch Pushes Malware By Jennifer LeClaire January 18, 2013 10:46AM     "Updates, patches and hot-fixes should always come directly from the vendor," said analyst Richard S. Westmoreland of the fake Java patch. "Companies should remind their employees to wait for instructions from their management and IT administrators and not try to 'solve' their own computer problems in ways that have not already been authorized."   Related Topics Malware Java Enterprise Security Top Tech News Latest News Iran Hackers Target U.S. Energy Firms 7 ways To Not 'Screw Up' Tumblr Customer Service a Spectator Sport HP Profit Falls, But Outlook Soars Lenovo Soars Amid PC Industry Slump With all the Java security problems, it's hardly surprising that malware authors would move to take advantage of the whirlwind. Ironically, a new ransomware campaign is targeting consumers looking to download the latest Java patch to keep their systems safe. Trend Micro has warned of malware that poses as Java Update 11, created by an unknown publisher. According to Trend Micro, the fake update in question is javaupdate21.jar and it downloads and executes malicious files. "Once executed, this backdoor connects to a remote server that enables a possible attacker to take control of the infected system," Paul Pajares, a fraud analyst at Trend Micro, wrote in the company's Security Intelligence Blog. "Though the dropped malware does not exploit CVE-2012-3174 or any Java-related vulnerability, the bad guys behind this threat are clearly piggybacking on the Java zero-day incident and users' fears. The use of fake software updates is an old social engineering tactic." Not a New Trick Pajares noted that this is not the first time that cybercriminals took advantage of software updates. Last year, we reported about malware disguised as Yahoo Messenger, which Trend Micro found in time for Yahoo's announcement of its update for Messenger. "During our analysis, this ransomware locks users' screen and attempts to access specific sites to display its notification to users," Pajares said. "However, the malware we analyzed failed to download the said notification, thus the user is possibly left with a blank page." Richard S. Westmoreland, Level III security analyst and team leader at Perimeter E-Security, told us social engineering is still the most successful way of breaching systems. "Updates, patches and hot-fixes should always come directly from the vendor," Westmoreland said. "Companies should remind their employees to wait for instructions from their management and IT administrators and not try to 'solve' their own computer problems in ways that have not already been authorized." Malware Is Big Business Alex Horan of CORE Security said that if you ever wanted proof that malware is an active business, look how quickly the malware providers respond to events. "They leverage trending events -- like Hurricane Sandy, relief drives, elections -- to increase the likelihood of a victim interacting with their malware and exposing themselves to risk," Horan told us. "'Trust but verify' should be the maxim for dealing with any messages or requests you receive. Even if it makes perfect sense for the IT department to be warning you of the Java exploit and sending you a link to download the patch, you should still call and verify it is truly an e-mail from them and not from an attacker."   Tell Us What You Think Comment: Name: Paul: Posted: 2013-01-23 @ 8:01pm PT Very informative. Thank you for letting people know Java has no update, info on a fix is a fraud. Spade: Posted: 2013-01-19 @ 3:38pm PT This again?! What does Malware even want with us?! I see no reason for them to attack us! WHAT THE HECK DID WE- THE USERS- EVEN DO? Here I am, a day after gettind Java Version 7 Update 11 and hear THIS. YEA, WE'RE PRETTY DARN DOOMED FOR NO REASON. STUPID MALWARE. Also Visit: iPad Info Center Billions of Bytes Mobile Device Now Apple Info Center TopTechWire.com

Product Information and Resources for Technology You Can Use To Boost Your Business BYOD & MDM   Forrester Research Inc., Report: BYOD from AT&T. Make everyone more efficient. CRM Systems   Unlock the potential in your people with Microsoft Dynamics   How Microsoft Dynamics helped mobilize retail businesses   2 million CRM success stories and counting...   Experience CRM and Business Success today with Salesforce.com.   Optimize CRM with Data Quality Management. More from Trillium Cloud & Virtualization   Riverbed Stingray Traffic Manager on Amazon Web Services Contact Centers   Unlock the potential in your people with Microsoft Dynamics   Unlock the potential in your people with Microsoft Dynamics Customer Data   See how you can benefit from Microsoft Dynamics Customer Service   Improve your customer relationships with Microsoft Dynamics   2 million CRM success stories and counting...   Unlock the potential in your people with Microsoft Dynamics   Unlock the potential in your people with Microsoft Dynamics Data Security   Simpana® 10 software: an exponential leap forward Enterprise Hardware   The 2013 Toughpad™ tablets. Rugged, secure and built for business.   The best document scanner for you? Try KODAK's scanner selector   APC makes it easy for you to focus on business growth, not downtime. Enterprise I.T.   Brocade's mission: Making networks easier to deploy, manage, and scale.   11 Challenges Solved by Infrastructure for Small IT Environments Enterprise Software   Get critical data off paper and into SharePoint! Watch the video.   Simpana® 10 software: an exponential leap forward Hardware   The 2013 Toughpad™ tablets. Rugged, secure and built for business.   Rugged and reliable Panasonic Toughbook® mobile computers Innovation   The best document scanner for you? Try KODAK's scanner selector   Brocade's mission: Making networks easier to deploy, manage, and scale. Laptops & Tablets   Rugged and reliable Panasonic Toughbook® mobile computers. Mobile Tech   Rugged and reliable Panasonic Toughbook® mobile computers Small Business   The best document scanner for you? Try KODAK's scanner selector Tech Trends   APC makes it easy for you to focus on business growth, not downtime.

Enterprise Hardware Spotlight

Lenovo Sales Soar Amid PC Industry Slump Computer maker Lenovo says its latest quarterly profit rose 90 percent as sales of smartphones and mobile computing technology expanded, amid a decline in desktop and laptop PC sales.   Newest HP PCs Aim for Flexibility, Mobility Hewlett-Packard is hoping its latest PC innovations will revive buyer interest. The new Envy Rove20 is HP's first mobile all-in-one PC, complete with a built-in battery and touch technology.   Dell Kills Its Public Cloud Effort, Will Offer Partner Marketplace Putting the kibosh on its efforts to build out a public cloud, Dell has announced a new program to offer a choice of cloud Infrastructure-as-a-Service through a central marketplace of partners.

Mobile Enterprise Spotlight

Google, Facebook Reported in Talks To Buy Waze There's a bidding war going on over a crowd-sourced map application provider. Or so the rumor mill says. Credible sources are pointing to a competition between Google and Facebook for Waze.   Viva Movil! Buy a Phone from J.Lo Latina pop sensation and entrepreneur Jennifer Lopez is teaming with Verizon Wireless on a new 4G LTE network and wireless service dubbed Viva Movil by Jennifer Lopez, aimed at the U.S. Latino market.   Samsung Sells 10 Million Galaxy S IVs -- Four Every Second The new Galaxy S IV smartphone from Samsung is off to a strong start. The South Korean manufacturer has announced that global sales for the device have exceeded 10 million units in one month.

Enterprise Technology Spotlight

Newest HP PCs Aim for Flexibility, Mobility Hewlett-Packard is hoping its latest PC innovations will revive buyer interest. The new Envy Rove20 is HP's first mobile all-in-one PC, complete with a built-in battery and touch technology.   New Nvidia Chip Boosts Citrix Graphics for Remote Workers The latest Nvidia Graphics Processing Unit (GPU) promises to boost remote graphics sharing through the Citrix remote desktop service. The new chip delivers better graphics for remote workers.   Security Alert: Beware of Tiffany Trojan on the Attack Malware writers are using a luxury name to hack your PC. Security watchdog Sophos reports e-mails appearing to be from Tiffany.com carry an attachment that can install a malicious Trojan on your PC.

Navigation NewsFactor Network Home/Top News | Enterprise I.T. | Cloud & Virtualization | Applications | Unified Communications | Mobile Tech | Hardware | Business Intelligence World Wide Web | Network Security | Data Storage | Small Business | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech Press Releases NewsFactor Network Enterprise I.T. Sites NewsFactor Technology News | Enterprise Security Today | CRM Daily NewsFactor Business and Innovation Sites Sci-Tech Today | NewsFactor Business Report NewsFactor Services FreeNewsFeed | Free Newsletters | About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise Privacy Policy | Terms of Service © Copyright 2000-2013 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.