Tuesday, January 22, 2013
Instead of updating to Java - malware
The situation with vulnerabilities in Java received a wide resonance in print and electronic media therefore users with impatience expect updating for a popular computer platform. Producers of harmful programs at once used it, having created sites which allegedly offer the last updates for Java.
Researchers at Trend Micro reported that attackers use fake update javaupdate11.jar, which contains javaupdate11.class, load and execute malicious files and up1.exe up2.exe.
One of loaded files is a backdoor Andromeda, which connects to a remote server and allows attackers to gain control of an infected system. And the second is spyware that logs keystrokes on the keyboard, and provides access to download additional malware.
Researchers warn users who want to download the updates for Java, the need to verify the authenticity of the resource, where it will be loaded.