Hi all,
This is a fake Java update.
Drive-by download of an old Java update with a repack of the installer.
Used to download and install adware, toolbars, web browser plugins, hijacking of the browser's start page and search engine, PUPs like fake antivirus (crapware), etc.
The trap is at xxxx :// javeupdatecaa.com/download/chrome.php
javeupdatecaa.com has nothing to do with Oracle, the owner and publisher of Java.
The owner's name of this domain name is hidden behind a privacy service located in Panama.
The domain was created on 24.10.2013, that is to say it was three days old at the time of writing this message.
After clicking on the button, the download starts and it is a file called Java.exe that is downloaded from the website 123mediaplayer.com.
The owner's name is hidden by means of a privacy service.
Created 25.09.2012
Balearic Islands
Server 54.200.111.209 (dedicated server)
Who is the sponsor (who benefits from the crime)? A priori, it would be DSNR Media Group, which has many affiliate sites like peperonity.com, youtube.com, allsp.ch, t411.me, fr.dilandau.eu, etc. (800 domains identified).
virustotal 2 - from 123mediaplayer.com
virustotal 2 - from cloudsvr12.com
At the time of my scan:
AntiVir APPL/DomaIQ.Gen7 20131028
Avast Win32:DomaIQ-AN [PUP] 20131028
DrWeb Trojan.Packed.24553 20131028
ESET-NOD32 MSIL/DomaIQ.B 20131028
Fortinet Adware/DomaIQ 20131028
Kingsoft Win32.Troj.Generic.a.(kcloud) 20130829
Malwarebytes PUP.Optional.BundleInstaller.A 20131028
McAfee Adware-DomaIQ 20131028
Norman DomaIQ.CERT 20131028
SUPERAntiSpyware PUP.DomaIQ/Variant 20131028
TrendMicro-HouseCall TROJ_GEN.F47V1025 20131028
VIPRE DomaIQ (fs) 20131028
Compromised systems are: Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
My page (French) with screen shots
Alerte Java - Fausses mises à jour - Octobre 2013
My forum thread (French)
Alerte Java - Fausses mises à jour - Octobre 2013
If you clicked on the button on the fake update and the installation went through:
1 / My anti-malware procedure (in French)
ESET must have something similar (as do all the support and disinfection forums)
Décontamination anti-malwares
2 / Actual Java update (French)
Quelle est ma version de Java - Mise à jour ou Installation de Java
Regards
Pierre Pinard - Pierre (aka Terdef)
Assiste.com since 1997
Security of computers and Internet browsing
Protection against cybercrime and the dirty tricks of new technologies
Privacy protection
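As an added example (not part of the original post), the following Python script shows how a defender could flag the two signs described above in proxy logs: a lookalike "Java" domain such as javeupdatecaa.com, and a Java installer (Java.exe) served from a host that is not Oracle's. The list of legitimate hosts, the log format and the log lines are constructed assumptions for this example.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts Oracle actually serves Java from; check against Oracle's own documentation.
LEGIT_JAVA_HOSTS = {"java.com", "www.java.com", "oracle.com", "www.oracle.com", "download.oracle.com"}
BRAND_TOKENS = ("java", "oracle")

def levenshtein(a, b):
    """Edit distance between two strings (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def looks_like_brand(label):
    """Return the brand a domain label imitates: any window of the label within one edit
    of a brand token (e.g. 'jave' in 'javeupdatecaa' is one edit from 'java')."""
    for brand in BRAND_TOKENS:
        n = len(brand)
        for k in range(len(label) - n + 1):
            if levenshtein(label[k:k + n], brand) <= 1:
                return brand
    return None

def flag_url(url):
    """Return a list of reasons the URL is suspicious, or None if it is not."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in LEGIT_JAVA_HOSTS or host.endswith((".java.com", ".oracle.com")):
        return None
    reasons = []
    # Simplification: registrable label is the one before the last dot (ignores ccTLDs like co.uk).
    label = host.split(".")[-2] if "." in host else host
    brand = looks_like_brand(label)
    if brand:
        reasons.append(f"lookalike of '{brand}' in {host}")
    if re.search(r"java[^/]*\.exe$", parts.path, re.IGNORECASE):
        reasons.append("Java installer served off-brand")
    return reasons or None

# Constructed proxy log lines: timestamp, client, method, URL (URL is the last field).
PROXY_LOG = [
    "2013-10-27T10:00:01 10.0.0.5 GET https://www.java.com/en/download/",
    "2013-10-27T10:00:07 10.0.0.5 GET http://javeupdatecaa.com/download/chrome.php",
    "2013-10-27T10:00:09 10.0.0.5 GET http://123mediaplayer.com/Java.exe",
]

def scan(lines):
    """Map each flagged URL to its reasons; clean URLs are omitted."""
    return {url: r for url in (l.split()[-1] for l in lines) if (r := flag_url(url))}
```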