Oracle alerts firms to bogus malware-laden ‘security patches’

Posted in Hacker News
Hackers are targeting enterprise companies with bogus, malware-laden patches purporting to come from Oracle.

Bogus Oracle patches are targeting businesses

Antonella Giovannetti, an engineer on Oracle’s Proactive Support team, warned customers in a threat advisory to be vigilant about the attacks.

“Warning. It has come to our attention that there are non-Oracle sites offering Oracle ‘fixes’ for genuine Oracle error messages,” read the advisory.

The malware and the specific attack sites remain unknown, and Oracle had not responded to V3’s request for further details at the time of publishing.

Despite the lack of firm information on the threat, Giovannetti urged customers to take a variety of pre-emptive protective measures.

“You probably already don’t need to be told. However, please do not download these fixes as they are not authorised by us in any way and they are more than likely to be dangerous to your system,” read the advisory.

F-Secure security advisor Sean Sullivan told V3 that, while details about the attacks remain scarce, campaigns trying to infect companies using messages masquerading as legitimate updates are not uncommon.

“Given the target-base – Oracle customers – I think I’d categorise this as a type of search engine optimisation [SEO] or watering hole attack. So not common, but not uncommon,” he said.

“We’ve seen lots of industries targeted in the last year or two. Sounds like the bad guys have done some SEO work to lure potential victims to legit-looking sites that offer ‘patches’.”
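Oracle’s advice not to install fixes it has not authorised, and Sullivan’s description of legit-looking lookalike sites, both come down to a provenance check before anything is installed. The following is an added example, not code from the original article or from Oracle: it accepts a downloaded patch only if it was fetched over HTTPS from a host under an assumed vendor domain (matched on a label boundary, so a lookalike such as support.oracle.com.fix-errors.example is rejected, as is notoracle.com) and its SHA-256 matches a digest copied from the vendor’s own download page rather than from the site that served the file. The allowlisted domain, the sample patch bytes and the URLs are constructed for illustration.

```python
"""Provenance check for a downloaded vendor patch.

Added example, not from the original article or from Oracle. The
allowlisted domain, sample URLs and sample patch bytes below are
assumptions constructed for illustration.
"""
import hashlib
import hmac
from typing import Tuple
from urllib.parse import urlsplit

# Assumed vendor domain. Any host equal to it or a subdomain of it is
# accepted (e.g. support.oracle.com, updates.oracle.com).
OFFICIAL_DOMAINS = ("oracle.com",)

# Constructed sample patch payload; a real one would be read from disk.
SAMPLE_PATCH = b"PK\x03\x04 constructed sample patch archive bytes"


def host_is_official(url: str, allowed=OFFICIAL_DOMAINS) -> bool:
    """True only for an https URL whose host sits under an allowed domain.

    Suffix matching is done on a label boundary, so substring tricks such
    as 'support.oracle.com.evil.example' or 'notoracle.com' are rejected.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the downloaded bytes."""
    return hashlib.sha256(data).hexdigest()


def verify_patch(url: str, data: bytes, published_sha256: str) -> Tuple[bool, str]:
    """Accept the patch only if both the source host and the digest check out.

    `published_sha256` must come from the vendor's own download page, never
    from the page that offered the file, or the check proves nothing.
    """
    if not host_is_official(url):
        return False, "download host is not an official vendor host"
    actual = sha256_hex(data)
    # Constant-time compare; both strings are lowercase hex of equal length.
    if not hmac.compare_digest(actual, published_sha256.strip().lower()):
        return False, "digest mismatch"
    return True, "ok"


if __name__ == "__main__":
    good_digest = sha256_hex(SAMPLE_PATCH)  # stands in for the vendor's published value
    for url, data in [
        ("https://updates.oracle.com/Orion/Download/p.zip", SAMPLE_PATCH),
        ("https://support.oracle.com.fix-errors.example/p.zip", SAMPLE_PATCH),
        ("https://notoracle.com/p.zip", SAMPLE_PATCH),
        ("http://support.oracle.com/p.zip", SAMPLE_PATCH),
        ("https://updates.oracle.com/Orion/Download/p.zip", SAMPLE_PATCH + b"tampered"),
    ]:
        ok, reason = verify_patch(url, data, good_digest)
        print(f"{'ACCEPT' if ok else 'REJECT'}  {url}  ({reason})")
```

The host check alone is not enough: a lookalike domain can serve a file together with a matching "checksum" of its own, which is why the digest has to be taken from the vendor’s own portal and why both conditions are required before the function returns ok.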

Jason Steere, director of technology strategy at FireEye, mirrored Sullivan’s suggestions, revealing that the firm sees similar attacks on a regular basis.

“It’s probably a crimeware or ransomware attack going for high-volume infection to sell on infected PCs to a bot,” he told V3.

“Very sadly, many end users believe what they see. It’s just another week and another attack using fake update mechanisms. It’s very common as it plays on the fear of end users.”

Oracle’s warning follows the discovery of several large-scale hack campaigns. Attackers managed to deface the US Central Command’s Twitter and YouTube feeds on Monday.