Oracle recently released a "fix" for Java 11's headline-bursting security
hole. Now, TrendLabs says they've discovered malware disguised as this fix,
likely opening up even more people to zero-day exploits.
Java has been blamed for numerous malware attacks, leading security experts and the U.S. Department of Homeland Security to encourage all users to disable it on their machines. The most recent security flaw in Java had been included in hackers' toolkits, packages of software used by cyber-criminals to attack machines. Java released a fix for this widespread exploit shortly after the Department of Homeland Security issued an alert about the dangers of Java. Less than 24 hours later, one hacker reportedly offered to sell a completely different exploit in Java 11 to anyone willing to dish out $5,000 for it.
All of this has happened in the first 18 days of the new year.
Today's news claims that anyone who downloads the "fix" for Java 11 from anywhere other than Oracle's website may be in danger of yet another zero-day exploit.
"We were alerted to reports of a malware that poses as Java Update 11 created by an unknown publisher," writes Paul Pajares, fraud analyst for TrendLabs. "The said fake update in question is javaupdate11.jar (detected as JAVA_DLOADER.NTW), which contains javaupdate11.class that downloads and executes malicious files up1.exe and up2.exe (both detected as BKDR_ANDROM.NTW)."