Tuesday, January 22, 2013

Beware of fake Java updates


Following recent security vulnerabilities in Java, malware developers are taking a new approach to targeting Java users: issuing fake updates that pose as legitimate updates for the runtime.


The latest version of the Java runtime, which fixes the recent vulnerabilities, is update 11, and Kaspersky Lab is reporting new malware that poses as "Java Update 11." The malware is packaged in a Java archive file called "javaupdate11.jar" that contains two Windows executables called "up1.exe" and "up2.exe." When installed, the programs open a back door to a command-and-control server.


The malware apparently does not exploit any vulnerability in Java; it merely takes advantage of the current attention on Java's security problems to trick users into running the fake installer.
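A check a defender could run on a downloaded .jar before trusting it, added here as an example and not taken from the Kaspersky report: it lists archive entries that are Windows PE images, judged by header rather than by file extension. The sample archive is constructed in memory from inert header stubs; the function names and the entries other than "up1.exe" and "up2.exe" are assumptions.

```python
import io
import struct
import zipfile


def is_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header whose e_lfanew field points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew: offset of the PE header
    return data[pe_off:pe_off + 4] == b"PE\x00\x00"   # out-of-range offset slices to b""


def find_embedded_pe(jar_bytes: bytes, peek: int = 4096) -> list:
    """Return the names of archive entries whose first bytes form a Windows PE image."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            if info.is_dir():
                continue
            with jar.open(info) as fh:
                # Only the first few KB are needed; the extension is ignored on purpose.
                if is_pe(fh.read(peek)):
                    hits.append(info.filename)
    return hits


def build_sample_jar() -> bytes:
    """Constructed sample: a JAR holding two inert PE header stubs and benign entries."""
    pe_stub = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 20
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("Main.class", b"\xca\xfe\xba\xbe" + b"\x00" * 60)  # class-file magic
        jar.writestr("up1.exe", pe_stub)
        jar.writestr("up2.exe", pe_stub)
        jar.writestr("notes.txt", b"MZ" + b"A" * 0x7E)  # starts with MZ but is not a PE
    return buf.getvalue()


if __name__ == "__main__":
    print(find_embedded_pe(build_sample_jar()))
```

A legitimate Java update for Windows is distributed as an installer from the vendor, so a .jar that presents itself as an update and carries PE images is worth quarantining for analysis.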

