Be aware of fake Java patches for the zero-day exploits

We and pretty much the rest of IT world, have written about the Java zero-day exploit, about the fast patch that Oracle release to remove some of the market pressure and also about the fact that such a quick move can only mean that even more bugs were probably introduced, which might lead to other exploits.

Such a mass media frenzy couldn’t have get unnoticed and unused by the cybercriminals.

Now, we and other security companies are seeing malware that pretend to be a patch for the well-known Java zero-day exploit. The malware is pretending to be the Java 7 Update 11 which fixes the mentioned zero-day exploit. All Avira product detect it with the name Java/Agent.AR.

If you haven’t uninstalled Java from your system, then learn here how to disable it securely. If you are not sure if you have Java installed, then use Java’s own page for detection.

This is how it must look like if Java is not installed on your computer or it is deactivated:

 

If you see a website that is displaying some kind of error that it can’t run something because Java is not installed, then don’t let yourself fooled and never install a software, let it be patch or not, from any other source than the producer’s website. In this particular case, visit this URL and download the installation kit from Oracle: http://java.com/en/download/index.jsp .

 

Sorin Mustaca

IT Security Expert