Clever phishing attack exploits Java security holes

First thing: happy Easter!

Some spammers are very clever. I just received an e-mail from someone claiming to be “Liza Mecklenberg” from a company called (others have received this offer from JPP Consulting), offering to pay $750 a month to place a banner ad on this web site. I could even choose which ad to place from a gallery on her own site.

It sounded too good to be true, and of course it was. My first tip was that no advertiser would make this kind of offer without knowing anything about how many visitors the site gets, whether they’re new or repeat visitors, how long they stay, what they look for, and so on.

The other tip-off was going to that site with my iPad, and getting a message that I had to access it with a regular computer, not a mobile device. Why? Because it’s a Java applet that displays the banner ads to choose. And guess what? The Java is infected with malware that will wreck your system and wreck your life. I didn’t even get near it.

I place part of the blame on Oracle, for not fixing the awful mess that Java has become. To make things even worse, some Java “patches” are actually malware in disguise. If you’re going to update Java, make sure to do it directly from Oracle (at But it’s an even better idea to uninstall Java unless you really need it.


On Key

Related Posts

Get in touch