It would seem that Malware developer are already taking advantage of Java's increasingly popular security vulnerabilities. Following the zero-day Java exploit, a malware campaign has been uncovered that poses as a Java updater meant to fix recent vulnerabilities in the Java plugin. According to Kaspersky labs, the fake update, called "javaupdate11.jar" contains two malicious executable files: up1.exe and up2.exe. When these files are executed, they open a backdoor which connects to a remote server that takes control of the infected systems. It's relatively easy to fall prey to this type of attack which typically relies on social engineering tactics to ensnare users. To be quite honest, with the recent security issues in the Java software, this form of trickery really shouldn't come as much of a surprise. Java did release an emergency update shortly after the zero-day vulnerability was detected, however -- as many security experts have already stated -- the update doesn't exactly protect users from attacks. Considering that the zero-day, which apparently targeted a pair of vulnerabilities, was mainly due to an incomplete patch from back in October, who knows what other security vulnerabilities would emanate from Oracle's latest update? At this point, it's increasingly looking very unwise to leave Java installed on your computer.
