Beware of malware masquerading as Oracle security patches
Oracle is warning users about malware sites actively offering Oracle patches for download.
“It has come to our attention that there are non-Oracle sites offering Oracle ‘fixes’ for genuine Oracle error messages,” they shared on several of its Proactive Support blogs.
“You probably already don’t need to be told, however, please do not download these fixes as they are not authorized by us in any way and are more than likely to be dangerous to your system.”
They didn’t say which sites these are, only that they are already investigating some known sites, and have asked users who encounter such sites to notify Oracle about them.
This is not the first time cyber crooks tried to masquerade malware as a Oracle software update, and it probably won’t be the last.
Given that the next Critical Patch Updates for Oracle products are scheduled to be released next week (January 20, 2015), it’s no wonder that Oracle is ramping up its efforts to minimize the danger to users who could be tricked into downloading the fake, malicious “patches.”