JAVA_EXPLOIT.KRZ
October 09, 2012
ALIASES:
Exploit:Java/CVE-2012-0507.AH (Microsoft)
PLATFORM:
Windows 2000, Windows XP, Windows Server 2003
OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:
Threat Type: Trojan
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
This Trojan executes when a user accesses certain websites where it is hosted.
It executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.
TECHNICAL DETAILS
File Size:
Varies
File Type:
JAR, Java Class
Memory Resident:
No
Initial Samples Received Date:
27 Apr 2012
Payload:
Downloads files
Arrival Details
This Trojan executes when a user accesses certain websites where it is hosted.
It may be downloaded from the following remote sites:
- http://www.{BLOCKED}e-haccp.org.tw/news/test.jar
Download Routine
This Trojan accesses the following websites to download files:
- http://www.{BLOCKED}e-haccp.org.tw/news/calc.exe - TROJ_SPMAN.KRZ
It takes advantage of the following software vulnerabilities to download possibly malicious files: