14 DAY TRIAL // Anyone experiencing error messages from Oracle database software should proceed to download a fix, but only from official locations, engineers with the company warned.
It appears that they have received information that different websites claim to provide patches for real problems with the software, but deliver malware instead.
There are no details about the online locations flinging the malicious updates to the users, or the type of damage they could cause to the database.
“It has come to our attention that there are non-Oracle sites offering Oracle 'fixes' for genuine Oracle error messages,” said Antonella Giovannetti, Oracle integration support engineer, in a warning posted at the beginning of the week.
Users are informed that other repositories except Oracle’s are not authorized to distribute patches for the company software and that they are more than likely to present a risk to the system.
The engineer also recommended anyone bumping into the fake websites to create a service request, which suggests that the company is currently working on stifling the activity of the fraudsters.
With no additional details on the error message the bogus patches claim to eliminate, the issue the attackers aim to exploit remains unknown.
The warning came about a week before Oracle’s first update routine for 2015, scheduled for January 20.
It is unclear if the company has any information about customers that have fallen for the trick and installed the fake updates.