Mini Spy

Loading...

Latest Threads

Loading...
 
  1. Good to Know!
    Any links supplied in this forum can be expected to lead to actual live malware, and should be considered very dangerous! As such, following these links will most likely result in an infection.
    Any possible damage to a users operating system or personal files from following any of these links is completely the responsibility of the user.If you do not know what you are doing here, it is recommended you leave right away.

Adware FAKE Java update redirects pop-ups

Discussion in 'Virus Exchange' started by Prorootect, Nov 3, 2013.

  1. Prorootect

    Prorootect Well-Known Member

    Reputation:
    0
    Joined:
    Nov 5, 2011
    Messages:
    3,057
    Likes Received:
    1,818
    FAKE Java update redirects pop-ups with get-new-java.com, jav-global.us, nowjava.com, java-us.com, appcool.us ..


    I see redirects of webpages, FAKE Java update pop-ups (more and more recently), without user's action, ex. URL with: Ybrant%20Digital - so Ybrant Digital :
    get-new-java.com/index.php?dv1=Ybrant%20Digital
    Do NOT click on this FAKE page, please ..

    Some screenshots of English version (you have too national versions in other languages ..):

    FAKE Java Update page 850x772 enhanced.jpg
    [​IMG]
    So this is FAKE Java Update page 850x772 enhanced.jpg

    FAKE java download Disclaimer enh.jpg
    [​IMG]

    [​IMG]
    Disclaimer of FAKE Java update from source code page enh.jpg

    In French, you have URL slighty reworked (with 'jave' spelling error, ha!):
    getlatestjave.com/index.php?dv1=Ybrant Digital

    .. and some good reads:

    problem with Java - Google Product Forums - 2 days ago ...: http://productforums.google.com/forum/#!topic/chrome/iNmAEq0HfXE

    How to stop keep getting redirected to the get-new-java.com website: on blog.teesupport.com : http://blog.teesupport.com/how-to-stop-keep-getting-redirected-to-the-get-new-java-com-website/
    Quote:
    The distribution sources of this hijacker:
    it '.. is able to utilize a variety of ways to get inside the target computer. It can be installed into your system together with free software. Once you download and install such freeware, if you download these programs online, this hijacker can appear at the same time. It can spread through opening attachments, clicking of unknown links on websites, file network sharing, etc.'

    - and look too on this blog, visibly affiliated to precedent teesupport.com website, called: Virus Removal Instruction fixvirusfast.blogspot.fr blog: How do I stop redirecting to get-new-java.com Webpage Virus, how to block get-new-java.com/index.php?dv1=Ybrant%20Digital pop-ups : http://fixvirusfast.blogspot.fr/2013/11/how-do-i-stop-redirecting-to-get-new.html

    'Remove get-new-java.com/index.php?dv1=Ybrant Popup Virus – Fake Java Update Removal : on blog.mitechmate.com : http://blog.mitechmate.com/remove-g...1ybrant-popup-virus-fake-java-update-removal/

    Get-new-java.com/index.php?dv1=Ybrant is a bogus Java Update page that appears on people’s webpage as new tab to treat the users to download and install malware. Once Get-new-java.com/index.php?dv1=Ybrant infects your PC, your browsers including IE, Firefox and Chrome will be embedded with malicious codes, which will keep showing a fake Java Update page on your screen when you open browser. On Get-new-java.com/index.php?dv1=Ybrant, you will see a bogus warning:

    ' “Outdated Java Plugin Detected”
    Java Update!
    It is recommended that you update Java to the latest version to view this page.
    Please update to continue. '
    - NOT, please!

    Don’t be scammed! Once you follow its instruction to install the so called Java Update from Get-new-java.com/index.php?dv1=Ybrant , all kinds of adware, spyware, malware, or rogue antivirus program will be automatically on your system, then your system performance will become terrible and your information related money will be stolen.'

    Spread this warning among your friends, please ..

    Edit:

    Read too:

    OnRollOver - The new Click Fraud ? - by Kimberly at stopmalvertising.com : http://stopmalvertising.com/malvertisements/onrollover-the-new-click-fraud.html - about Ybrant Digital ..

    EDIT 2:
    Well .. Some links will die, the other links will be born .. like everything on this Earth.

    EDIT 3:
    And then today's (Nov.12, 2013) new links, from Google Images, and some hacked (websites, or ads on these websites ..):

    jav-global.us/FR8 (works FR1, FR2 .. to FR7, FR8): jav-global.us/FR8/download/chrome.php

    get-new-java.com/FR/index.php .. ?&dv1=86 ..: get-new-java.com/FR/index.php .. ?&dv1=86 .. &dv2= ..

    nowjava.com/index.php .. ?dv1=86 .. nowjava.com has been registered on 11/05/2013.: nowjava.com/index.php .. ?dv1= ..&dv2= .. .. QUTTERA report: http://quttera.com/detailed_report/nowjava.com Potentially Suspicious files:1.

    Example of website which gets this FAKE after some seconds: jquerybyexample.blogspot.com/2012/04/use-jquerygetscript-to-load-external-js.html

    ----------
    jajajaja .. more and more dead links of FAKE Java .. 403 Forbidden - nginx pages .. great for us!
    ----------

    'Java update virus' From Wikipedia, the free encyclopedia:
    Article (with our MT link): http://en.wikipedia.org/wiki/Java_update_virus
    Talk: http://en.wikipedia.org/wiki/Talk:Java_update_virus

    EDIT 4:
    - This domain link (get-new-java.com/index.php[/color]?dv1=Ybrant%20Digital) is expired now.

    - Prefixes of all questionable links (they were already unlinked) from this post - and from all my posts in this topic, are removed. So in this topic I discute (= exchange of the thoughts) about questionable websites, I don't post questionable links.
    So now there is a valid reason for MT administrators to return my two topics (about fake Java update, and fake pop-ups Media Player) - to its original location in Malware Talk forum section.

    - To dispel the doubts of some .. I should like to recall that this topic deals with a NEW - RECENT kind of FAKE Java update adware popups (screenshot example - in this first post of this topic, and in the Post #8 by fwed).
    They have nothing to do with the other previous Java update fake domains / websites, called "DomaIQ" adware.
    They lead (for now) to browser hijack or unwanted programs (PUPs) only, redirect to other websites like about cooking etc without interest, but NOT for viral infections or porn websites like other - old fake Java update domains, it seems to me ..
    - Look on Post #10 by Littlebits:
    'The main problem is there is no Java update virus, this is just a fake alert page for Java update .. These fake alert pages are safe to visit as long as you don't get fooled by them ..'.
    Thanks for understanding.

    - I don't feel able (and especially I see no interest for me personally) to the 'virus exchange' on 'Virus Exchange' forum. In other words, search expressly for viruses, and this kind of forum, does not interest me, sorry.
    Viruses are a type of waste, garbage for me and for many web users, I think.
    The unlinked links I posted, were leading to fake alert pop-up pages (as well emphasizes Littlebits) - not to viruses. But we don't have special 'Pop-ups forum' (for now), so the 'Malware Talk' forum seems to me the most appropriate for my two topics, about FAKE Java, and FAKE Media Player ..
    Thanks for understanding.
     
    Last edited: Dec 26, 2013
    JAMESWT and venustus like this.
  2. Prorootect

    Prorootect Well-Known Member

    Reputation:
    0
    Joined:
    Nov 5, 2011
    Messages:
    3,057
    Likes Received:
    1,818
    RE: FAKE Java update redirects by Ybrant Digital pop-ups

    You found this bad 'Java update' link - by Google (SSL - Secure Sockets Layer ..), with the title: Please Update Java .. among other good links .. of course.
    Bravo Google, BIG search.
     
    venustus likes this.
  3. Malware1

    Malware1 Malware Hunter Expert MalwareTips Staff

    Reputation:
    1,000
    Joined:
    Sep 28, 2011
    Messages:
    4,291
    Likes Received:
    11,314
    RE: FAKE Java update redirects by Ybrant Digital pop-ups

    It's not new. Antivirus companies call these fake Java updates as "DomaIQ" adware.

    https://www.virustotal.com/en/file/6e30a2714002bd247fa4ef02705380672bd0ca9c7bf131d1449baa79b916460b/analysis/1383500866/
     
  4. Prorootect

    Prorootect Well-Known Member

    Reputation:
    0
    Joined:
    Nov 5, 2011
    Messages:
    3,057
    Likes Received:
    1,818
    RE: FAKE Java update redirects by Ybrant Digital pop-ups

    On Tee Support blog (link above in the first post, please) we read:

    'The Potential Risks of Leaving of get-new-java.com Browser Hijacker
    1, it is a very newly hijacker.
    2, this program can make redirects to its own sites and show massages to tell you to update Java to the latest version, but these are fake texts.
    3, the page of --hxxp://get-new-java.com/index.php?dv1=Ybrant%20Digital provides a prompt and not an actual webpage.
    4, this hijacker can modify the settings of the internet browsers and hijack the original homepage.
    5, it has the capacity of tracing your online browsing history and record all inputted information online.
    6, this infection can bypass the detection of antivirus programs.'

    ----------------------------------------

    New & fresh malware link to download FAKE Java update I found today:
    Mise à jour Java! : java-us.com/FR/download/chrome.php - French version ..

    Please update Java! : java-us.com/US/download/chrome.php - English version ..

    etc etc, you can change two letters for the country destination ..


    EDIT:
    I found other links:
    Please Update Java : jav.us.com/download/chrome.php - so jav.us.com here ..
    Mise à jour Java! : jav.us.com/downloadclick/FR/chrome.php
    .. and flagged red by WOT, bravo! : upjavadownload.com

    EDIT 2:

    - Prefixes of all questionable links (they were already unlinked) from this post - and from all my posts in this topic, are removed. So in this topic I discute (= exchange of the thoughts) about questionable websites, I don't post questionable links.
    Thanks for understanding.
     
    venustus likes this.
  5. Prorootect

    Prorootect Well-Known Member

    Reputation:
    0
    Joined:
    Nov 5, 2011
    Messages:
    3,057
    Likes Received:
    1,818
    RE: FAKE Java update redirects by Ybrant Digital pop-ups

    Some results of scan by online services:

    URLVoid : about jav.us.com only, so shortened link:
    JAV.US.COM SAFETY REPORT
    The website is not blacklisted and looks safe to use. (pity, attention, please!) : http://www.urlvoid.com/scan/jav.us.com/

    URLVoid : about get-new-java.com only, so shortened link :
    GET-NEW-JAVA.COM SAFETY REPORT
    The website was registered 8 days ago, surf with caution. :
    http://www.urlvoid.com/scan/get-new-java.com/

    URLVoid : about upjavadownload.com :
    UPJAVADOWNLOAD.COM SAFETY REPORT
    The website was registered 2 months ago, surf with caution. :
    http://www.urlvoid.com/scan/upjavadownload.com/
    So after 2 monts of malware offer, this malicious site is NOT flagged by any Dr. safe browsing service ..

    Quttera scan of upjavadownload.com dit: http://quttera.com/detailed_report/upjavadownload.com
    Potentially Suspicious files: 1 .

    URLVoid : about java-us.com , so shortened link:
    JAVA-US.COM SAFETY REPORT
    The website was registered 5 days ago, surf with caution. :
    http://www.urlvoid.com/scan/java-us.com/
    Website Blacklist Report - none of these online services flagged java-us.com malicious website, not blacklisted.

    EDIT:
    Yahoo! Resolved question, 1 week ago:
    I have a Problem with Java? : http://uk.answers.yahoo.com/question/index?qid=20131029154502AAvW5E9
     
    Last edited: Dec 26, 2013
    venustus likes this.
  6. Prorootect

    Prorootect Well-Known Member

    Reputation:
    0
    Joined:
    Nov 5, 2011
    Messages:
    3,057
    Likes Received:
    1,818
    RE: FAKE Java update redirects by Ybrant Digital pop-ups

    [​IMG]
    Java DANGER! enhanced crop 240x240.jpg

    How to easily protect yourself .. How to avoid going to click on these links of FAKE Java?

    Easy, really.
    Try SAFE search engines, which do not provide these bad links (- with website links, images links ..)

    I did the small test of some search engines (if FAKE Java link is present or not), the results (of today ..) are here:

    UNSAFE:

    Bing
    DuckDuckGo (with the invitation: 'Try to go there')
    RedZ.com
    Blekko
    Cluuz
    Yahoo!
    Dogpile
    WebCrawler
    Lycos



    SAFE:

    Google (it's improving ..)
    CUIL!
    Lukol
    Privatelee
    Ixquick/StartPage
    Gibiru
    ManagedQ
    ApocalX
    SearchCanvas
    Devilfinder
    Exalead

    .. ..


    This choice change sometimes ..

    - Latest changes: November 11, 2013.

    ------------------------------------

    Another possibility: disable JavaScript feature in your browser ..
     
    venustus likes this.
  7. Prorootect

    Prorootect Well-Known Member

    Reputation:
    0
    Joined:
    Nov 5, 2011
    Messages:
    3,057
    Likes Received:
    1,818
    RE: FAKE Java update redirects by Ybrant Digital pop-ups

    hpHosts blog : http://hphosts.blogspot.fr/

    .. and click on 'Older Posts', .. ..

    Thank you, MysteryFCM !..
     
    Last edited: Dec 26, 2013
    JAMESWT and venustus like this.
  8. fwed

    fwed New Member

    Reputation:
    0
    Joined:
    Nov 12, 2013
    Messages:
    1
    Likes Received:
    0
    Hello,

    I recently experienced problems with this site. I still do not know now if my computer is infected or not.

    Description of the problem: when browsing I am sometimes redirected to a site that tells me I have to upgrade Java.
    What is strange is that, after the redirection, the "back" button of my browser becomes inactive, while I have indeed a history of navigation on the relevant tab.

    [do not click on the following links without being an advanced user]

    I noticed that the URL of the site was not always the same, here are some examples (I limit them to the domain name, the rest of the URL being customized by language or session):
    • get-new-java.com
    • jav.us.com
    • nowjava.com

    However, the final site still looks the same :
    [​IMG]

    Clicking on "OK" does not trigger anything except closing the popin. You can then click on "Accept and start free download" which triggers the download of a file Java7.exe, to don't execute of course. The downloaded file has the URL dlp.123mplayer.com where the main site appears to offer a standard Movie Player, which is certainly a virus also: 123mplayer.com

    For some reason I can not identify, it seems that the root page of the site picstopin.com automatically redirect me to the false website, for example:
    Code:
    htxp://www.picstopin.com/1024/girl-in-love-youre-beautiful/http:%7C%7C1*bp*blogspot*com%7C-m9hpdSc42mU%7CTZZCZvi8f4I%7CAAAAAAAAACA%7Cvfd6hTPBh3s%7Cs1600%7Cbeautiful%20waterfall*jpg/
    I think an expert should analyze the code of this page to see what's wrong.
    If this page does not redirect you to fake Java update, open your browser in "private session" ( "CTRL + SHIFT + N" in most browsers), and return to the address above.

    I think the redirection is not always done because it detects if you have already visited the website, and it imposes no more than once for not being detected easily.

    Could we have an expert opinion?

    Thanking you in advance!
    fred
     
  9. blackbombchu

    blackbombchu New Member

    Reputation:
    0
    Joined:
    Nov 12, 2013
    Messages:
    3
    Likes Received:
    4
    I wrote a Wikipedia article titled "Java update virus" and a lot of people are discussing deleting it and I really need help adding reliable sources to it to avoid its deletion before its too late. The discussion is taking place at https://en.wikipedia.org/wiki/Wikipedia:Articles_for_deletion/Java_update_virus

    I really want to use that article to raise awareness of the Java update virus so that a better antivirus program will get invented that fully gets rid of that virus and other viruses of similar strength. FOR THOSE OF YOU WHO ARE WILLING TO PERMANENTLY CORRUPT YOUR OWN COMPUTER in order to very carefully research the effects of the virus, you can get to the web page for downloading the Java update virus by Bing searching the url that's at the top of the image in the article Java update virus without the http:// then clicking the link titled "Please Update Java" It will not work if you bing search that url with the http://

    All the information in that article except the last bullet is verifiable in under 5 minutes by following those steps.

    Please start researching the information already in the article and document it and then use it to create a reliable for that article if one doesn't already exist. There's only a hurry to research the information already in the article but there's no hurry to research other slower to research information such as the code of the Java update virus to expand the article and include information about how anti virus programmers deal with the Java update virus.
     
    Raul90 and JAMESWT like this.
  10. Littlebits

    Littlebits Super Moderator MalwareTips Staff

    Reputation:
    1,000
    Joined:
    May 3, 2011
    Messages:
    4,004
    Likes Received:
    3,078
    The main problem is there is no Java update virus, this is just a fake alert page for Java update, these fake alert pages are used to distribute all types of malware mostly Trojans. I have never seen a fake alert page distribute a virus before. Some will say Windows Updates, Flash Player updates, Code pack updates and you name it but they don't distribute any one-type malware, they use a variety of different types.

    So there is no Java update virus, Flash Player Update virus and so on.

    These fake alert pages are safe to visit as long as you don't get fooled by them then manually download and execute the malicious files that they distribute.

    Thanks. :D
     
    Raul90 and JAMESWT like this.
  11. Prorootect

    Prorootect Well-Known Member

    Reputation:
    0
    Joined:
    Nov 5, 2011
    Messages:
    3,057
    Likes Received:
    1,818
    FAKE Java update redirects pop-ups topic here ..


    Hello Fred, Hello blackbombchu, thank you both very much!

    'Could we have an expert opinion?'

    'There's only a hurry to research the information ..'

    'The main problem is there is no Java update virus, this is just a fake alert page for Java update, these fake alert pages are used to distribute all types of malware mostly Trojans. I have never seen a fake alert page distribute a virus before. Some will say Windows Updates, Flash Player updates, Code pack updates and you name it but they don't distribute any one-type malware, they use a variety of different types.
    So there is no Java update virus, Flash Player Update virus and so on.
    These fake alert pages are safe to visit as long as you don't get fooled by them then manually download and execute the malicious files that they distribute.'
    - Sure, Littlebits, you're right, so could you - or another expert - safely 'download and execute the malicious files that they distribute' - to give us more details on the level of dangerousness of this FAKE Java invitation, please?
    At the end of the line, are the dangerous viruses - or browser hijack and unwanted programs (PUPs) only?


    - Hmm, and where they come from ?..
    Maybe you know the tool with which we could discover the origin of these FAKE Java pop-ups ?..

    ------------------------

    EDIT:

    Found new Youtube videos about:

    How Do I Remove get-new-java.com Redirect Completely . - by MiTech Mate :

    How to Get rid of --http://get-new-java.com popup virus (fake Java update virus) . - by Mr.RemoveVirus :

    -------

    For 'virus' terminology, look on Littlebits' explications here: http://malwaretips.com/Thread-Fake-...nd-How-Do-You-Avoid-Them?pid=140729#pid140729

    'It is common for all malware to be labeled as virus since most users don't know the different in the types of malware.'

    -------
     
    Last edited: Dec 26, 2013
    JAMESWT and venustus like this.
  12. blackbombchu

    blackbombchu New Member

    Reputation:
    0
    Joined:
    Nov 12, 2013
    Messages:
    3
    Likes Received:
    4
    From the extra information somebody added to the article "Java update virus," I know that the Java update virus took effect by taking advantage of a vulnerability of the Java Security Manager to be granted permission to execute any code at all. To make a better anti malware program that can get rid of all malicious items on the computer no matter how powerful they are, that security scanner should be made in such a way that it even gets rid of unfimiliar harmless ones to guarentee the removal of harmful ones that have a code to disguise as harmless ones. It should also remove all internet browser ad ons and any information in the computer that affects how the internet browser works. For instance, it would remove JavaScript from the internet browser, sign one out of all ones own accounts and reset the game Fireboy and Watergirl from http://www.addictinggames.com/ which is not supposed to be possible to do. Just because that scanning program removes JavaScript from the browser doesn't mean it has to remove the JavaScript program from the computer entirely forcing one to redownload it from the oracle website. After the scan is finished, it should offer the option of deleting Microsoft Security Essentials and reinstalling it because that program is probably permanently corrupted by the Java update virus.
     
    JAMESWT likes this.
  13. Prorootect

    Prorootect Well-Known Member

    Reputation:
    0
    Joined:
    Nov 5, 2011
    Messages:
    3,057
    Likes Received:
    1,818
    .
    NEW direct links of FAKE Java update pop-ups I found yesterday:

    appcool.us : yeah very cool .. for us .. LOL

    jav.us.com/downloaddatam/FR/chrome.php : jav.us.com/downloaddatam/FR/chrome.php

    And for our German friends: jav.us.com/DE/download/chrome.php : jav.us.com/DE/download/chrome.php

    --------------------

    - On this same IP: 192.155.84.22 I found WhatsAppStore.com website ..

    whatsappstore.com/contact/ : WhatsAppStore Contact us
    Need to service please Contact us
    Email: leadsforsunhongru@gmail.com
    Our Mailing Address is: FuQin Xi Lu 16Hao Sichuan,Chengdu,610000 China

    whatsappstore.com/about/index.html : WhatsAppStore About Us
    Our company’s headquarters is based in China
    Two Senior Network Engineers
    Five Application Developers
    Three Network Editors. And our company is still growing to maturity

    LOL ?..
    ---------------------

    More and more websites are interested in fake java update pop-ups threat. Found recently:

    AVGthreatlabs.com : Fake Java Update : http://www.avgthreatlabs.com/virus-and-malware-information/info/fake-java-update/

    'Fake Java Update is a malicious code present on fraudulent websites or illegally injected on legitimate but hacked websites without the knowledge of the administrator. The intention behind these code injections is to detect and exploit vulnerabilities on applications installed on your computer to install malicious and unwated software that compromise the security of all data on the affected PC.
    Fake Java Update is currently ranked 8 in the world of online malware ..'

    .......

    [​IMG]
    Malware on binary!.bmp
    - source image: in this (old but good) topic : http://www.itpro.co.uk/645427/microsoft-warns-users-to-be-wary-of-fake-java-updates

    EDIT:
    - Prefixes of all questionable links (they were already unlinked) from this post - and from all my posts in this topic, are removed. So in this topic I discute (= exchange of the thoughts) about questionable websites, I don't post questionable links.
    Thanks for understanding.
     
    Last edited: Dec 26, 2013
    JAMESWT and venustus like this.
  14. Prorootect

    Prorootect Well-Known Member

    Reputation:
    0
    Joined:
    Nov 5, 2011
    Messages:
    3,057
    Likes Received:
    1,818
    Hell, and what to say about another website, with this same IP:192.155.84.22 : called Whatspp Game App - WhatsApp & Game & App on gameapp.us/kids/ : gameapp.us/kids/
    - this same yellow bars (more!) like on WhatsAppStore.com website ..
    Home page are on gameapp.us : --www.gameapp.us/ - more and more yellow bars ..

    If you click on yellow bar, you're redirected quickly ..
    - but not in the direction of the United States, no ..

    Pity, that another website with this same IP : whatsappgames.biz/ - has no yellow bars, but very blank page, by chance. So no business here, for now ..

    - like here, 'good' neighbors (Attention - all FAKE councils!): on appcool.us, jav.us.com:
    'You are currently using a Java Plugin which may be outdated Please Update To The Latest Version Of Java (Recommended)'
    'Vous utilisez actuellement un plugin Java qui peut être obsolète S'il vous plaît mettre à jour à la dernière version de Java (recommandé)'
    'Sie sind zur Zeit ein Java-Plugin, das veraltet sein können Bitte aktualisieren Sie auf die neueste Version von Java (empfohlen)'

    --------------

    Next time, we will take an close interest about another IP of host name of jav-us.com - which is: 66.175.216.165
    So see you next time ..

    EDIT:
    The first website from this new IP:66.175.216.165 I see, is moking.us .. hmm moking us? They're mocking us ?.. lol
    About Us page: moking.us/files/about.htm Two yellow bars ..
    'About Us
    Our company’s based in China
    Three Senior Network Engineers
    Four Application Developers
    Two Network Editors. And our company is still growing to maturity '
    - Hell, this one too, still groving to maturity.

    Contact Us page: moking.us/index.php#/files/contact.htm
    'Moking Contact us
    Need to service please Contact us
    Email:Service@moking.us
    Our phone number: 0871-68395258
    Our Mailing Address is: Jiang Dong Hua Yuan 18Hao YunNan,Kunming,650123 China '

    -in 'good' neighbors of course, of:

    Please Update Java (- FAKE Java): java-us.com/UK/download/chrome.php
    'You are currently using a Java Plugin which may be outdated Please Update To The Latest Version Of Java (Recommended)'

    .. and: Please Update Java (- FAKE Java): java-us.com/DE1/download/chrome.php
    'Sie sind zur Zeit ein Java-Plugin, das veraltet sein können Bitte aktualisieren Sie auf die neueste Version von Java (empfohlen)'

    [​IMG]
    Wheat_gluten_(vegetarian_mock_duck)_opened_can enhanced resiz.jpg

    EDIT:
    - Prefixes of all questionable links (they were already unlinked) from this post - and from all my posts in this topic, are removed. So in this topic I discute (= exchange of the thoughts) about questionable websites, I don't post questionable links.
    Thanks for understanding.
     
    JAMESWT and venustus like this.
  15. Prorootect

    Prorootect Well-Known Member

    Reputation:
    0
    Joined:
    Nov 5, 2011
    Messages:
    3,057
    Likes Received:
    1,818
    Another website with yellow horizontal bars, with this same IP: 66.175.216.165 I found:
    --www.go2mobs.com, and go2mobs.com/

    Go2mobs About us page says:
    About Us
    We are Social Gaming Network delivers the best premium
    For game developers, Go2mobs delivers a single integration SDK to publish games on all carrier games stores
    Our Team
    Four Application Developers
    Two Account Manager
    Three Network Editors. And our company is still growing.

    Go2mobs Contact us
    please Contact us
    Email:Service@go2mobs.com
    Our phone number: 0832-6125636
    Our Mailing Address is: Renmin road 28hao .ZiZhong,Neijiang,641200 China

    HURRICANE ELECTRIC Internet Services says: http://bgp.he.net/ip/66.175.216.165#_dns
    Address has 14 hosts associated with it.
    The following A records are set to 66.175.216.165:
    go2mobs.com, hot-mobs.com, java-us.com, mbtool.us, mebuymobile.com, mobicoolo.com, mobilefreego.com, mobilelori.com, moking.us, myhaomy.com, mysoftwaredown.com, mysoftwarepark.com, vistz.com, vm422.com

    ip-www.net i_nformations about IP 66.175.216.165: http://ip-www.net/66.175.216.165
    14 Websites use this IP address ..

    Search on Google for: "Need to service please Contact us" - interesting, I found --www.you2style.com domain ..
    - which has IP: 137.175.13.49
    whois.arin.net says for NetRange 137.175.13.32 - 137.175.13.63 : http://whois.arin.net/rest/net/NET-137-175-13-32-1/pft
    Customer tian jakwer (C04640363)
    And then http://whois.arin.net/rest/customer/C04640363.html about customer tian jakwer:
    Name tian jakwer
    Handle C04640363
    Street anhuei
    City anhuei
    State/Province CA
    Postal Code 610023
    Country CN


    - So maybe the FAKE Java update websites (still groving) are from China .. - What you think

    -----------

    New website I found today: java-us.com/UK1/download/chrome.php

    -----------

    jav-global.us domain - has 3000 visitors per day ..

    ---------

    Still groving .. to maturity.

    EDIT:
    - Prefixes of all questionable links (they were already unlinked) from this post - and from all my posts in this topic, are removed. So in this topic I discute (= exchange of the thoughts) about questionable websites, I don't post questionable links.
    Thanks for understanding.
     
    Last edited: Dec 26, 2013
    JAMESWT and venustus like this.
  16. illumination

    illumination Community Superstar Trusted Member

    Reputation:
    1
    Joined:
    Jun 20, 2011
    Messages:
    2,674
    Likes Received:
    1,742
    There is a real easy way to avoid clicking on these fake links for Java...
    Control Panel/Programs/programs/features, click Java, click uninstall...
    Problem solved! ;) :D
     
  17. Littlebits

    Littlebits Super Moderator MalwareTips Staff

    Reputation:
    1,000
    Joined:
    May 3, 2011
    Messages:
    4,004
    Likes Received:
    3,078
    That does work if you need Java for other programs on your system, however Java has its own updater which works great. Most users that pay attention knows about the Java Updater. There is no need to download Java from any sites after it is installed just use the updater.

    [​IMG]

    Thanks. :D
     
  18. illumination

    illumination Community Superstar Trusted Member

    Reputation:
    1
    Joined:
    Jun 20, 2011
    Messages:
    2,674
    Likes Received:
    1,742
    That was just some of my humor added in, but in all seriousness, Java is always targeted/exploited "the exploits come out just as fast as they patch the last one", and it is one software that is not allowed on my system. If programs i look at require it, i move on, without those programs..
     
  19. Littlebits

    Littlebits Super Moderator MalwareTips Staff

    Reputation:
    1,000
    Joined:
    May 3, 2011
    Messages:
    4,004
    Likes Received:
    3,078
    It is the browser plugins for Java that are exploited not the program language itself, you can easily disable the browser plugins from the Java Control Panel and still use Java for your installed programs that need it.

    [​IMG]

    Thanks. :D
     
  20. Prorootect

    Prorootect Well-Known Member

    Reputation:
    0
    Joined:
    Nov 5, 2011
    Messages:
    3,057
    Likes Received:
    1,818
    - Hmm, these FAKE Java updates are for all of us, for those with Java, AND too for all people (like me) without Java.
    Each one could click on bad link and get these pop-ups.
     
    JAMESWT and venustus like this.

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads: FAKE Java
Forum Title Date
Virus Exchange Fake Java Download Sep 3, 2014
Malware Removal Assistance Fake Java Update Redirect Aug 17, 2014
Virus Exchange Fake Java Installer/Updater Aug 3, 2014
Malware Removal Assistance Fake java update help please Jun 3, 2014
Malware Removal Assistance Fake Java Updates Apr 15, 2014

MalwareTips.com is an independent website.All trademarks mentioned on this page are the property of their respective owners.