Detected: Jul 27 2010 12:35 GMT
Released: Jul 28 2010 11:20 GMT
Published: Apr 04 2011 13:57 GMT
This Trojan exploits a vulnerability in Sun Microsystems Java (CVE-2008-5353). It consists of three Java class files, 12,447, 3,047 and 3,158 bytes in size.
The Trojan is made up of three class files, named:
Changes
MyBuilds
MyFiles
During its operation, the Trojan exploits vulnerability CVE-2008-5353. This vulnerability arises while deserializing "Calendar" objects in the Sun Java VM and enables the attacker to run the applet with elevated privileges, outside the applet sandbox. The vulnerability is present in the Java Runtime Environment (JRE) of the Sun Java Development Kit (JDK) version 6 up to Update 10 and earlier; in JDK and JRE version 5.0 up to Update 16 and earlier; and in the Software Development Kit (SDK) and JRE version 1.4.2 up to Update 18 and earlier. Once privileges are elevated, the exploit downloads files from the Internet from certain links. Once downloaded, the files are launched for execution. The downloaded files are saved to the current user's temporary directory as
%Temp%\<rnd>.exe
where <rnd> is a random fractional decimal number between 0 and 1 (for example, 0.7294136). Before downloading, the Trojan checks the name of the OS installed on the infected system. If the OS is not Windows, the download does not take place.
This malware is a Java applet. It is launched from an infected HTML page using an "<APPLET>" tag, which passes the applet two parameters: "data", carrying an encrypted link for downloading files, and "cc", which sets the number of download-and-launch cycles. The link for downloading each file is generated as follows:
URL = data + i
where URL is the link to download the next file; data is the value of the "data" parameter of the "<APPLET>" tag; i is an integer with 0 <= i < cc; and cc is the value of the "cc" parameter of the "<APPLET>" tag.
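The applet behaviour described above (reading the "data" and "cc" parameters from the "<APPLET>" tag, the Windows-only gate on the OS name, the URL = data + i enumeration, and the %Temp%\<rnd>.exe drop-file name) can be reproduced as a triage script that extracts the download URLs from a captured landing page and flags matching file names in a temp directory listing. This is an added example, not the Trojan's own code and not code from the original description. The description does not give the scheme used to encrypt the "data" value, so no decryption is attempted and the URLs are built from the parameter value as found. The sample HTML, the host example.invalid, the class name in the code attribute, and the assumption that <rnd> is rendered by Java's Double.toString() are all constructed for illustration.

```python
"""Triage helper for the applet-driven downloader described above.

Added example: reproduces only what the text states (parameter extraction,
Windows-only gate, URL = data + i, %Temp%\\<rnd>.exe naming). The sample
page, host and class name are constructed placeholders.
"""
import re
from html.parser import HTMLParser


class AppletParamParser(HTMLParser):
    """Collects the code attribute and <param> name/value pairs of every <applet>."""

    def __init__(self):
        super().__init__()
        self.applets = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # HTMLParser lower-cases tag and attribute names
        if tag == "applet":
            self._current = {"code": attrs.get("code"), "params": {}}
        elif tag == "param" and self._current is not None:
            name = attrs.get("name")
            if name:
                self._current["params"][name.lower()] = attrs.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "applet" and self._current is not None:
            self.applets.append(self._current)
            self._current = None


def extract_applets(html):
    """Return one dict per <applet> tag: its code attribute and its params."""
    parser = AppletParamParser()
    parser.feed(html)
    parser.close()
    return parser.applets


def should_download(os_name):
    """The applet's gate as described: files are fetched only when the OS is Windows."""
    return os_name.strip().lower().startswith("windows")


def download_urls(data, cc):
    """URL = data + i for every integer i with 0 <= i < cc, as the text gives it.

    A missing or non-numeric "cc" yields no URLs instead of an exception, so a
    page with a malformed tag still triages cleanly.
    """
    try:
        count = int(cc)
    except (TypeError, ValueError):
        return []
    return [f"{data}{i}" for i in range(max(count, 0))]


# Assumption: <rnd> is a Java double in [0, 1) rendered by Double.toString(),
# which prints "0.7294136..." normally but "1.234E-4" for values below 0.001.
# Both shapes are matched so the rare small-value case is not missed.
DROP_NAME_RE = re.compile(r"^(?:0\.\d+|\d\.\d+E-\d+)\.exe$", re.IGNORECASE)


def is_drop_name(filename):
    """True for a %Temp% file name that fits the <rnd>.exe pattern."""
    return bool(DROP_NAME_RE.match(filename))


def triage_page(html, os_name="Windows XP"):
    """Report the URLs each applet on the page would fetch on the given OS."""
    report = []
    for applet in extract_applets(html):
        params = applet["params"]
        if "data" not in params or "cc" not in params:
            continue  # not the parameter pair this downloader uses
        urls = download_urls(params["data"], params["cc"]) if should_download(os_name) else []
        report.append({"code": applet["code"], "cc": params["cc"], "urls": urls})
    return report


# Constructed sample landing page; class name and host are placeholders.
SAMPLE_HTML = """
<html><body>
<applet code="Changes.class" archive="app.jar" width="1" height="1">
  <param name="data" value="http://example.invalid/load.php?n=">
  <param name="cc" value="3">
</applet>
</body></html>
"""

if __name__ == "__main__":
    for entry in triage_page(SAMPLE_HTML):
        print(entry["code"], "cc=" + entry["cc"], *entry["urls"], sep="\n  ")
```

Run it against a saved copy of the landing page to list the URLs to block or fetch into a sandbox, and feed `is_drop_name` the file names from the user's temp directory to find what was dropped; a non-Windows `os_name` reproduces the applet's silent bail-out and returns no URLs.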
If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:
Exploits are programs that contain data or executable code which take advantage of one or more vulnerabilities in software running on a local or remote computer for clearly malicious purposes.
Often, malicious users employ an exploit to penetrate a victim computer in order to subsequently install malicious code (for example, to infect all visitors to a compromised website with a malicious program). Additionally, exploits are commonly used by Net-Worms in order to hack a victim computer without any action being required from the user.
Nuker programs are notable among exploits; such programs send specially crafted requests to local or remote computers, causing the system to crash.