The Trojan program which without the knowledge of the user downloads other software on the computer and starts it on execution. Is a Java-class (class-file). Has the size of 3458 byte.
Destructive activity
The Java-class "sob" is a part JAR of archive and is a part uniform вредоноса. Following components of the Trojan also are stored In archive:
asdfgh4.class – 212 byte
qwertyu45.class – 259 byte
sob$1.class – 457 byte
v567345.class – 330 byte
Activation harmful Java an applet occurs after opening infected HTML pages in the browser of the user. Start is carried out by means of a HTML-tag "<applet>" for which, as one of parametres, the main class of an applet is underlined.
To applet, with HTML pages, the parametre - "url" is transferred. Value of parametre "url" is the file of references which are divided by a symbol. Further the received references are used for loading of another harmful ON.
The Trojan uses vulnerability which allows a harmful applet to cause exclusive methods without appropriate check of safety (CVE-2010-0840). Thus, вредонос can carry out any code on vulnerable system. Vulnerable are Oracle Java SE and Java for Business:
Java Development Kit (JDK) and Java Runtime Environment (JRE) 6.0 versions 18 of updating and earlier for Windows, Solaris and Linux;
Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 versions 23 of updating and earlier for Solaris;
Software Development Kit (SDK) 1.4.2 versions 25 of updating and earlier for Solaris.
After successful operation of vulnerability, вредонос carries out loading of files under the received references. Files remain in the catalogue of storage of time files of the current user with names:
%Temp %\ms<rnd>cfg32.exe
Where rnd – serial number of a loaded file. Then by means of a command line the Trojan starts the loaded files on performance.
Recommendations about removal
If your computer has not been protected by an antivirus and it has appeared is infected by the given harmful program for its removal it is necessary to execute following actions:
To update Java Runtime Environment and Java Development Kit to last versions.
To clear the catalogue:
%Temp %\
To make full check of the computer by Kaspersky's Antivirus with the updated anti-virus bases (to download the trial version).
[MD5: 2fa37346356b591a492cf509a97e6f7e]
[SHA1: f06a5b9320ac0066d151d4cfa933b7ff6f2af6e2]
Нормально, из-за этих "раздолбаев" пропадает доверие к "явавским апплетам" да и вообще к этому красивому и удобному языку.
ОтветитьУдалить