‘Update the latest Java version’ Pop-Up Alert

The 'Update the latest Java version' pop-up alert is one more fake Java update that exploits the well-known name of the Java platform as a way to attack vulnerable PCs. Instead of installing a real Java update, the 'Update the latest Java version' pop-up alert's 'update' includes Potentially Unwanted Programs and, in the worst cases, even threats, such as backdoor Trojans. Due to the flexible but substantial security risks associated with all general-purpose attacks, malware researchers would recommend using anti-malware scans to examine any computer that's exposed to a 'Update the latest Java version' pop-up alert, whether or not you accepted its fake update.

The Update that Downgrades Your PC's Safety

Although PC users, as a whole, are starting to become aware of the importance of keeping their software updated, criminals are exploiting the still-murky public understanding of products like Flash and Java. The 'Update the latest Java version' pop-up alert is one of many variants of an online hoax that attempts to install threats with the consent of the victim, with the payload disguised as a patch for Java. Because Java may be required for displaying a website content, especially for media-rich websites, a careless PC user easily could install the 'Update the latest Java version' pop-up alert's fake 'patch' without being aware that an attack has occurred.

The 'Update the latest Java version' pop-up alert's attack is effective as a social engineering tactic, but isn't significantly different from similar attacks malware experts have noted, such as the 'Java Software Critical Update' pop-up alert, the 'Video Update Recommended' Pop-Up or the 'No Java Detected' Pop-Up Alert. Like similar attacks, the 'Update the latest Java version' pop-up alert owes most of its distribution to advertising and content delivery networks with poor security like Rvzr-a.akamaihd.net. Limiting your exposure to these sites, and blocking their content by any means necessary, can provide a basic level of default protection from the 'Update the latest Java version' pop-up alert and other attacks.

What Happens to Your Computer When You Take an Update for Granted

The 'Update the latest Java version' pop-up alert may be reloaded with different payloads and is unlikely ever to distribute just one type of threat. In general, malware researchers find that the 'Update the latest Java version' pop-up alert and similar pop-up attacks tend to install PC threats. However, a 'Update the latest Java version' pop-up alert also may be responsible for installing basic browser pests like search engine hijackers, toolbars and adware.

Because all of the above are possibilities, even when you refuse an 'Update the latest Java version' pop-up alert's download, a proper response to this pop-up attack always should include the use of reliable anti-malware products. After you've verified that your PC is safe or disinfected, as necessary, malware researchers would consider enabling means of blocking future attacks by the same means. In most cases, disabling pop-ups, advertisements and scripted content from sites that you don't trust may block the majority of attacks like the 'Update the latest Java version' pop-up alert, with your anti-malware protection picking up the slack for any attacks that slip through the cracks.

Technical Details