A series of vulnerabilities were found on Oracle’s Java software a little while back that could be used to be compromise and affect systems. The weakness got deserved attention with several media outlets reporting the news of the liability.
Sadly, it also came into attention of a lot of cybercriminals, who are using the opportunity to lure customers into downloading further malware.
Oracle actually fixed the above mentioned vulnerability soon after, and released Java 7 Update 11 to address it. This is seemingly what cybercriminals are trying to exploit, and lure web surfers into downloading their own malware.
Microsoft has also gone ahead and put up a heads up on a MSDN blog asking users to only update Java on their machines directly from Oracle’s website. As Eve Blakemore explained:
“Cybercriminals often use fake virus alerts to lure you into buying fraudulent antivirus software. These alerts state that your computer or other device is at risk, but clicking a link in one of them could lead you to downloading malicious software.
In the case of the fake Java updates, cybercriminals are taking advantage of news about security vulnerabilities in Java and recommendations to update Java immediately.”
Redmond also notes that Java is often targeted by hackers and cybercriminals, and recommends users to either keep their Java version up to date, or install older versions and disable Java in their browsers to protect themselves:
“If you don’t, then it’s a good idea to uninstall older versions of Java and disable Java in your browser like you would for any unused software.”
This backdoor exploit allows hackers to take control of infected computers, so if you are using an older version of Java, it is best to download the latest update from the official website.