Oracle has had no shortage of headaches recently, thanks to Java. The exploits have been running wild lately, making attempts to fix the problems resemble a game of whack-a-mole. In fact, the troubles even resulted in the United States Department of Homeland Security being forced to post a warning against using the platform.
In a post to the government website, the DHS warned that "by convincing a user to load a malicious Java applet or Java Network Launching Protocol (JNLP) file, an attacker could execute arbitrary code on a vulnerable system with the privileges of the Java plug-in process".
Now Microsoft has joined this sad party. Eve Blakemore posted a warning via MSDN that malicious Java updates are now being circulated on the internet. "In the case of the fake Java updates, cybercriminals are taking advantage of news about security vulnerabilities in Java and recommendations to update Java immediately. We agree that if you use Java on your device you should update it directly from the Oracle website". She goes on to warn users that if they do not get the update directly from Oracle, then they should either use an older version or simply disable Java in their web browser.
This does not come as a big surprise. Pop-up security alerts and fake Flash updates have been circulating for some time now. Thanks to the warnings, Java has become the latest target to be taken advantage of. The fear factor is an easy way to compromise unsuspecting users.