The fake security update, or malware as we would call it, mimics a genuine fix for the vulnerability: it carries a Java logo and even requests permission before installation. Users who are not careful could end up installing the malware instead of a security update.
Kevin Haley, Director, Security Response at Symantec, said, “The Java security update is a type of social engineering. It’s unrelated to the vulnerability; it’s just a way to get people to click on the attachment,” notes eWeek.
Users who have adequate security in place may have thwarted such fake security updates, but there is no way of ensuring that the anti-virus software did catch the malware. Updating the anti-virus software is therefore the key to dealing with such malware. Such malware is not new. As a general rule, users shouldn’t click on attachments, and they should be very cautious, at times even suspicious, of any executable or file they are accessing if its source is not known.