Security researchers are warning PC users to beware of two new malware attacks. Hackers have released a fake Java patch that is really part of a ransomware campaign, and the banking Trojan known as Shylock is now spreading via Skype.
“Beware any Java security update that you don’t download directly from Oracle’s website,” wrote InformationWeek’s Mathew J. Schwartz. “That warning comes via antivirus firm Trend Micro, which has spotted a new ransomware campaign using malware that’s packaged to resemble Java 7 update 11. The real update was released Sunday by Oracle as an emergency fix for two zero-day vulnerabilities in Java — including CVE-2012-3174 — that are being actively exploited by attackers.”
Computerworld’s Jeremy Kirk noted, “Hackers often disguise their malware as a legitimate software update in the hope of confusing IT staff. Interestingly in this case, the fake update doesn’t actually exploit the vulnerabilities that Oracle patched on Sunday, [Trend Micro’s Paul] Pajares wrote. The user is tricked into downloading a different piece of malware.”
ITWorld’s Lucian Constantin reported, “The Shylock home banking malware has been updated with new functionality that allows it to spread automatically using the popular Skype Voice-over-IP (VoIP) and instant messaging client. Shylock, named after a character from Shakespeare’s The Merchant of Venice, is a Trojan program discovered in 2011 that steals online banking credentials and other financial information from infected computers.”
InfoSecurity quoted CSIS researcher Peter Kruse, who wrote, “When analyzed, during an investigation, we noticed that Shylock is now capable of spreading using the popular Voice over IP service and software application, Skype. This allows the malicious Trojan-banker to infect more hosts and continue to be a prevalent threat. Also, the timing does not seem completely coincidental as Microsoft just recently announced that they are discontinuing their Messenger solution and replacing it with Skype.”