
On January 10, 2013 the United States Computer Emergency Readiness Team warned that "A vulnerability in the Java Security Manager allows a Java applet to grant itself permission to execute arbitrary code. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate web site and upload a malicious Java applet (a "drive-by download" attack)"[1]. This government agency recommended disabling Java in web browsers.[1]

The Java update virus is a virus that can be downloaded from a popup web page that, after you get redirected to it, tricks you into thinking you're updating Java. It's not known whether the exact same virus can also be downloaded from a popup redirect that tricks you into thinking you're updating Flash Player, called the Flash Player update virus. Although there might be more than one virus you could download from a popup redirect tricking you into thinking you're updating Java, only one of them is called the Java update virus because it's a particularly nasty virus. It pretends to be a legitimate Java update but instead slows down PC performance with its malicious code. People sometimes got redirected to the web page for downloading it via an internet virus when using Google Chrome. Some of its effects are changing the search bar at the top of the internet browser from a Google search bar to a Bing search bar, changing the layout of some parts of YouTube to an older style, disabling Microsoft Security Essentials, and changing the home page to http://search.conduit.com/?ctid=CT3294791&octid=CT3294791&SearchSource=61&CUI=UN58012253969872311&UM=2&UP=SP16BEBC99-7FF7-4E05-BE84-5DEF9193C09B and blocking you from changing it back.

Web page for downloading the Java update virus

Not all of its effects are undone by doing a scan with Malwarebytes' Anti-Malware. There's another Java update virus that cybercriminals use to steal people's credit card information.[2][3]
Java Required

Later, another web page resembling a Java update, probably for downloading a virus, appeared as a popup window saying 'Java Required'. After that got blocked, another virus resembling a Java update was made. It hacks websites to redirect people to the web page for downloading it, using a different URL all the time to avoid detection, just like the common cold, which constantly mutates to avoid detection, unlike smallpox, which doesn't mutate and so can't be caught by the same person twice. Although the page appeared to be a Java update reminder when you were redirected there, it appeared blank if you typed in the same URL yourself to go there. When anyone got redirected there, clicking the back button took them back 2 pages instead of one, or the back button was blank if the page that redirected there was the first page they went to in that tab. Later, the web page for downloading the evolving version of the Java update virus got blocked by www.sheliminder.com, which the download page would automatically redirect to right after you got redirected to it.


New evolving version of the Java update virus

Methods of detecting the fake Java update

  • The real Java update reminder disables all computer functions other than responding to the pop-up box while the box is on the screen.
  • The fake Java update reminder is part of a web page, and the background of that web page looks the same every time the fake Java update reminder occurs.
  • The fake Java update reminder only ever occurs when you click a link to go to another web page and that web page redirects you to the web page with the fake Java update. The real Java update reminder can appear regardless of whether there's a browser window on the screen, and it doesn't change the browser's web page when it pops up while a browser is on the screen.
  • The real Java update reminder only has one possible way that it ever looks and any other way a Java update reminder looks is fake, unless the person who inserted that redirect happens to be nice enough to create a real Java update page that you get redirected to, which is highly unlikely. The one in the picture is fake.

Effects that are not undone with the scan

  • The Microsoft Security Essentials program remains disabled after the scan.
  • The search bar at the top of the internet browser stays a Bing search bar after the scan.
  • Even after the scan, once in a blue moon, the home page of Internet Explorer 9 reverts back to the home page that the virus changed it to in the first place, but you're still able to change it back.
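
A read-only PowerShell check for the three leftover effects listed above, added here as an example and not part of the original page. The registry paths and the MsMpSvc service name are the standard Internet Explorer and Microsoft Security Essentials locations, assumed rather than taken from the page; the Conduit host comes from the home page URL quoted earlier.

```powershell
# Added example: read-only check for effects that survive the scan.
# Registry paths and the service name are standard Windows/IE/MSE locations
# (assumptions, not taken from the page). Run in the affected user's session.

$ConduitHost = 'search.conduit.com'   # home page host named on this page

function Test-ConduitUrl {
    param([string]$Url)
    # True when the URL's host is the Conduit search host or a subdomain of it.
    $uri = $null
    if (-not [Uri]::TryCreate($Url, [UriKind]::Absolute, [ref]$uri)) { return $false }
    return ($uri.Host -eq $ConduitHost) -or $uri.Host.EndsWith(".$ConduitHost")
}

$findings = @()

# 1. Internet Explorer home page and secondary start pages (per user).
$ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$main = Get-ItemProperty -Path $ieMain -ErrorAction SilentlyContinue
$pages = @($main.'Start Page') + @($main.'Secondary Start Pages')
foreach ($page in $pages) {
    if ($page -and (Test-ConduitUrl $page)) {
        $findings += "IE start page still points to Conduit: $page"
    }
}

# 2. Default IE search provider, reported for manual review
#    (Bing is also a legitimate default, so it is not flagged automatically).
$scopes = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
$default = (Get-ItemProperty -Path $scopes -ErrorAction SilentlyContinue).DefaultScope
if ($default) {
    $scope = Get-ItemProperty -LiteralPath (Join-Path $scopes $default) -ErrorAction SilentlyContinue
    $findings += "Default IE search provider: $($scope.DisplayName) <$($scope.URL)>"
}

# 3. Microsoft Security Essentials real-time protection service.
$svc = Get-Service -Name 'MsMpSvc' -ErrorAction SilentlyContinue
if (-not $svc) {
    $findings += 'MsMpSvc service not found (MSE not installed or removed)'
} elseif ($svc.Status -ne 'Running') {
    $findings += "MsMpSvc is $($svc.Status); Security Essentials is not protecting this PC"
}

if ($findings.Count -eq 0) { 'No leftover effects found.' } else { $findings }
```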

How to prevent people from accidentally downloading the Java update virus

The school board could change their policy to require elementary schools to teach people how to judge whether a web page or popup window is probably for downloading any virus at all, not just the Java update virus. After all that training, students could be given a test on a computer where each test question shows a video of going to a web page for downloading something or fixing a problem, and at the end of the video asks whether or not that page is for downloading a virus. The student gets 1 mark for each question they answer correctly. There is a bit of randomness in whether a web page is for downloading a virus based on what it looks like, so the only way to get a perfect score would be to get lucky, but all that training can make the expected test score nearly as high as training would theoretically allow. Bias in the test can be eliminated by making it so that the probability that a web page is for downloading a virus given that it's asked about in the test isn't much different from the probability that it's for downloading a virus given how you got there (the test should always show how a web page was reached, not just the web page itself).

Blockage of the web page for downloading the Java update virus

The web page for downloading the Java update virus once got blocked in such a way that typing the URL into the search bar wouldn't work, but Bing searching the URL without the https:// and clicking one of the search results would get you to that page. It's now so blocked that even that doesn't work anymore.

How it got blocked

References

  1. Oracle Java 7 Security Manager Bypass Vulnerability. US-CERT (10 January 2013). Retrieved on 2013-11-13.
  2. Remove get-new-java.com/index.php?dv1=Ybrant Popup Virus – Fake Java Update Removal. Retrieved on 29 May 2014.
  3. Remove get-new-java.com/index.php?dv1=Ybrant virus completely. Retrieved on 29 May 2014.
