Lunacom Java Update from "javaupdatefr.com"

Post Reply
tperla
Posts: 4
Joined: Wed Jan 18, 2012 2:13 pm

Lunacom Java Update from "javaupdatefr.com"

Post by tperla » Wed Oct 23, 2013 9:46 am

A URL appeared today mysteriously on a tab that said my computer was using an obsolete version of Java.

When I downloaded the new version, the usual Windows screen showed that the origin of the software was "Lunacom" - which set me to thinking because Java is owned by Oracle.

I downloaded the software nonetheless and, thankfully, Avast blocked it as malware.

I suggest therefore that you be very careful if you receive the same message. I cannot understand how the screen loaded onto a tab - which looked authentic with the Java logo. It's URL contained this identification "javaupdatesfr.com".

KoolerTheFirst
Posts: 262
Joined: Thu Sep 20, 2012 2:08 am

RE: Lunacom Java Update from "javaupdatefr.com"

Post by KoolerTheFirst » Fri Oct 25, 2013 2:33 am

Rated.

Thanks for pointing this one out, I'm sending it to MysteryFCM to put on HpHosts right now.

MysteryFCM
Posts: 4912
Joined: Mon Jul 14, 2008 4:47 pm

RE: Lunacom Java Update from "javaupdatefr.com"

Post by MysteryFCM » Fri Oct 25, 2013 5:10 am

"javaupdatefr.com" does not currently resolve. However, I note your post has an extra "s" in the domain, which does resolve (the domain is parked at present);

IP: 69.43.160.163
AS: 22489 69.43.128.0/18 CASTLE-ACCESS - Castle Access Inc

Boonsiri
Posts: 268
Joined: Tue Jun 14, 2011 10:06 am

RE: Lunacom Java Update from "javaupdatefr.com"

Post by Boonsiri » Sat Oct 26, 2013 3:52 am

(ww2.) javaupdatesfr.com does resolve now. It was re-registered on 2013-10-24. The link (ww2.) javaupdatesfr.com is listed as "malicious site" by TrendMicro and Websense ThreatSeeker in a scan on virustotal.com. I could not get more info by having the first of 4 listed links scan through other engines. Maybe an expert like MysteryFCM can check those.

MysteryFCM
Posts: 4912
Joined: Mon Jul 14, 2008 4:47 pm

RE: Lunacom Java Update from "javaupdatefr.com"

Post by MysteryFCM » Sat Oct 26, 2013 12:49 pm

I'm no expert, but cheers ;)

ww2 is a standard redirector for the parking server in this case.

With ref to Lunacom;

http://hphosts.blogspot.co.uk/2013/10/alert-lunacom-interactive-ltd-and-fake.html

See also:

http://hphosts.blogspot.co.uk/2013/10/alert-7install-yet-more-fake-flash.html
http://hphosts.blogspot.co.uk/2013/10/alert-malvertisement-from-829133140.html

Post Reply

Who is online

Users browsing this forum: Bing [Bot] and 4 guests