JAVA_EXPL.SM4

 Analysis by: Nikko Tamana

 ALIASES:

Exp/20124681-A (Sophos), W32/20124681.A!exploit (Fortinet), Java/Dong.B (exact) (FProt), Exploit.Java.CVE (Ikarus), Exploit:Java/CVE-2012-4681.D (Microsoft), a variant of Java/Exploit.CVE-2012-4681.A trojan (NOD32), Trojan.Maljava!gen24 (Norton)

 PLATFORM:

Windows 2000, Windows XP, WIndows Server 2003

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW


This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It arrives as a component bundled with malware/grayware packages. It executes when a user accesses certain websites where it is hosted.

It exports functions used by other malware. It requires its main component to successfully perform its intended routine.

  TECHNICAL DETAILS

File Size:

Varies

File Type:

Java Class

Memory Resident:

No

Initial Samples Received Date:

01 Sep 2012

Arrival Details

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It arrives as a component bundled with malware/grayware packages.

It executes when a user accesses certain websites where it is hosted.

Download Routine

This Trojan takes advantage of the following software vulnerabilities to download possibly malicious files:

Other Details

This Trojan exports functions used by other malware.

It requires its main component to successfully perform its intended routine.