Pierre (aka Terdef)

About Pierre (aka Terdef)

  • Rank
    Newbie

Profile Information

  • Location
    France
  1. Hi all,

     This is a fake Java update: a drive-by download of an old Java update with a repack of the installer. It is used to download and install adware, toolbars, web browser plugins, hijacks of the start page and the search engine within the browser, PUPs like false antivirus (crapware), etc.

     The trap is at xxxx :// javeupdatecaa.com/download/chrome.php

     javeupdatecaa.com has nothing to do with Oracle, the owner and publisher of Java.
     The owner's name for this domain name is hidden by means of a privacy mechanism located in Panama.
     The domain was created on 24.10.2013, that is to say three days ago at the time of writing this message.

     After clicking on the button, the download starts, and it is a file called Java.exe that is downloaded from the website 123mediaplayer.com
     The owner's name is hidden by means of a privacy mechanism
     Created 25.09.2012
     Balearic Islands
     Server 54.200.111.209 (dedicated server)

     Who is the sponsor (who benefits from the crime)? A priori, it would be DSNR Media Group, which has many affiliate sites like peperonity.com, youtube.com, allsp.ch, t411.me, fr.dilandau.eu, etc. (800 domains identified).

     virustotal 2 - from 123mediaplayer.com
     virustotal 2 - from cloudsvr12.com

     At the time of my scan:

     AntiVir                APPL/DomaIQ.Gen7                   20131028
     Avast                  Win32:DomaIQ-AN [PUP]              20131028
     DrWeb                  Trojan.Packed.24553                20131028
     ESET-NOD32             MSIL/DomaIQ.B                      20131028
     Fortinet               Adware/DomaIQ                      20131028
     Kingsoft               Win32.Troj.Generic.a.(kcloud)      20130829
     Malwarebytes           PUP.Optional.BundleInstaller.A     20131028
     McAfee                 Adware-DomaIQ                      20131028
     Norman                 DomaIQ.CERT                        20131028
     SUPERAntiSpyware       PUP.DomaIQ/Variant                 20131028
     TrendMicro-HouseCall   TROJ_GEN.F47V1025                  20131028
     VIPRE                  DomaIQ (fs)                        20131028

     Compromised systems are: Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP

     My page (French) with screenshots:
     Alerte Java - Fausses mises à jour - Octobre 2013

     My forum thread (French):
     Alerte Java - Fausses mises à jour - Octobre 2013

     If you clicked on the button on the fake update and it was done:

     1 / My anti-malware procedure (in French). ESET must have something similar (and all the support and decontamination forums also):
     Décontamination anti-malwares

     2 / Actual update of Java (French):
     Quelle est ma version de Java - Mise à jour ou Installation de Java

     Regards

     Pierre Pinard - Pierre (aka Terdef)
     Assiste.com since 1997
     Security of computers and Internet browsing
     Protection against cybercrime and new technologies dirty tricks
     Privacy protection
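
A proxy-log check for the pattern described in the post above, as an added example that is not part of the original post: it flags a Java-named installer fetched from a host outside an allowlist, and Java-branded hosts (including the "jave" misspelling) that are not on it. The log format, the function names, the SAMPLE paths and the allowlist of java.com, oracle.com and sun.com are assumptions to adapt locally.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains accepted as genuine Java download sources; adapt to local policy.
TRUSTED = ("java.com", "oracle.com", "sun.com")
JAVA_INSTALLER = re.compile(r"(java|jre|jdk)[^/]*\.(exe|msi)", re.I)
JAVA_BRAND = re.compile(r"jav[ae]", re.I)  # "jave" is the misspelling in the lure domain

def is_trusted(host):
    """True only for an allowlisted domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def classify(url, referer=""):
    """Return the reasons a request looks like a fake Java update (empty if none)."""
    host = urlsplit(url).hostname or ""
    ref_host = urlsplit(referer).hostname or ""
    filename = urlsplit(url).path.rsplit("/", 1)[-1]
    reasons = []
    if JAVA_INSTALLER.fullmatch(filename) and not is_trusted(host):
        reasons.append("java-named installer from untrusted host " + host)
    for h in dict.fromkeys((host, ref_host)):  # de-duplicate, keep order
        if h and JAVA_BRAND.search(h) and not is_trusted(h):
            reasons.append("java-branded host outside allowlist " + h)
    return reasons

def scan(log_lines):
    """Parse 'timestamp client url referer' lines; return (timestamp, client, reasons)."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # skip malformed lines
        ts, client, url = fields[:3]
        referer = fields[3] if len(fields) > 3 and fields[3] != "-" else ""
        reasons = classify(url, referer)
        if reasons:
            hits.append((ts, client, reasons))
    return hits

# Constructed sample log: hosts are those named in the post, SAMPLE paths are made up.
SAMPLE_LOG = [
    "2013-10-28T09:14:02 10.0.0.21 http://javeupdatecaa.com/download/chrome.php -",
    "2013-10-28T09:14:09 10.0.0.21 http://123mediaplayer.com/SAMPLE/Java.exe http://javeupdatecaa.com/download/chrome.php",
    "2013-10-28T09:20:40 10.0.0.35 https://www.java.com/SAMPLE/jre-windows.exe https://www.java.com/SAMPLE/",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The suffix match in `is_trusted` requires a leading dot, so a host such as `java.com.evil.example` is not treated as Oracle's.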