duminică, 10 decembrie 2017

Fake Java Update – Malware analysis

File hosted on: h**p://www.packagegiftnow.com/
As you already know, some websites have implemented a script that tells you that you have an old version of Java and gives you the ability to update.
Of course this is a fake update and what you will install on your computer will be a modified file.
This can be a virus, trojan, adware, etc. The idea is that 100% will change something in your computer and you will become the victim. What it means to be a victim can be found in the previous articles.

Total Virus says there would be some detections.
Virus Total Report
I will open this “update” to analyze it.
It has a nice message that tells you something is not going on, but in the background things have already started to work…
Executable connects to:
..and after a few searches, I discovered that several domains were hosted at this address:
All with reports for spam, malware, ddos, etc
Access your computer in many folders, even if it does not work …
Unfortunately, I do not have time for a more complex analysis today, but the basic idea is that this Java Update is not beneficial.
So be careful what you download and from who!


Have fun & Stay safe!

Niciun comentariu:

Trimiteți un comentariu