Beware of fake Java updates

New malware poses as Java updater to fix recent vulnerabilities.

Following recent security vulnerabilities in Java , malware developers are taking a new approach to exploit the Java platform by issuing false updates that pose as legitimate updates for the runtime.

The latest version of the Java runtime that fixes recent vulnerabilities is update 11, and Kaspersky labs is reporting that a new malware is out that poses as "Java Update 11." The malware is packaged in a Java archive file called "javaupdate11.jar" that contains two Windows-based executables called "up1.exe" and "up2.exe." When installed the programs open a back door to a command and control server.

The malware apparently is not exploiting any vulnerabilities in Java, but is merely taking advantage of the current state of Java to trick users into running the fake installer.

While this malware so far is for Windows only, such approaches can be used for other platforms as well, as has been seen in OS X with Flashback , which exploited people's trust in (or at least their recognition of) the Adobe Flash updater.

This serves as a reminder that if you need to use Java, be sure to apply updates only from the Java download page or from the Java Control Panel that is installed along with Java. If you get a notice that an update is available when performing day-to-day activities, then it's best to cancel it and go to either of these resources to get the update.

Given this and the recent and ongoing problems surrounding Java, if you do not need to use Java, it's best to avoid the software and uninstall it from your system. If you do need to use Java, consider at least implementing some options to manage the plug-in and only get updates from official sources to ensure that your system is as safe as possible.



Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.

About the author

    Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.

     

    Join the discussion

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    HOT ON CNET

    Delete your photos by mistake?

    Whether you've deleted everything on your memory card or there's been a data corruption, here's a way to recover those photos.