The Latest in IT Security

More Fake-Java Malvertising


A month ago, we blogged about a malvertising attack centered around fake Java updates.

We're currently tracking a similar ad-driven campaign, with a somewhat different-looking landing page:

screenshot of fake Java update site

Or, you may see the "scary" version:

screenshot of fake warning

Unlike the previous campaign, this one uses much more believable domain names. In the past month or so, we've seen the following:

(It's interesting that most of the names appear designed to play upon people's fears about vulnerabilities in Java. After all, who wouldn't want a secure version of Java? Sign me up!)

Today [10/02], clicking on the Download button relayed me to a different site: Which, unfortunately, wouldn't actually give me a download to play with, so I can't report on current detection rates. (I like Bad Guys who are more sporting, or who have more faith in their payload encryption and polymorphism…) However, some of our other analysts have been more successful, and their notes are consistent in flagging the payloads as Malware, not PUS (Potentially Unwanted Software).

Anyway, the main ad networks feeding this campaign include,,, and an interesting network of junk .SE domains that appear to be linked to ThePirateBay and other torrent sites.

There is also a buddy network involved in the relays to the downloads, and many of those URLs have codes that specifically reference campaigns in a half-dozen countries: Australia, France, Spain, Germany, Italy, and the UK. Which highlights why malvertising is such a great way to reach a world-wide audience…

