TrojanDownloader:Java/OpenStream.BF
First posted on 17 February 2012.
Source: Microsoft
Aliases:
TrojanDownloader:Java/OpenStream.BF is also known as Trojan-Downloader.Java.OpenStream (Ikarus), Mal/JavaSca-A (Sophos).
Explanation:
TrojanDownloader:Java/OpenStream.BF is a Java applet trojan that may download and execute arbitrary files. It exploits a vulnerability in the Java Runtime Environment (JRE) described in the following article:
- CVE-2010-0094
This vulnerability allows an unsigned Java applet to load with elevated privileges. This type of exploitation is mostly used in drive-by download attacks.
TrojanDownloader:Java/OpenStream.BF arrives as a .JAR package that contains the following files in a folder named "apps":
- MyApplet.class
- MyLoader.class - detected as TrojanDownloader:Java/OpenStream.BF
- MyWorker.class - detected as TrojanDownloader:Java/OpenStream.BF
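The package layout listed above can be used as a quick triage check on JAR files pulled from a Java cache or proxy capture. The following is an added example, not code from the original write-up: the function names and the sample archives are constructed for illustration, and a file-name match is only a hint that should be confirmed with an antivirus scan.

```python
import io
import zipfile

# Entry names the write-up lists inside the "apps" folder of the JAR.
EXPECTED = {"apps/MyApplet.class", "apps/MyLoader.class", "apps/MyWorker.class"}


def triage_jar(data: bytes) -> dict:
    """Compare a JAR's entry names with the layout described in the write-up.

    Returns the matched and missing entries plus a verdict. Class names are
    trivial to change, so treat a match as a reason to scan, not as proof.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as jar:
            # Normalise path separators; some ZIP tools write backslashes.
            names = {n.replace("\\", "/").lstrip("/") for n in jar.namelist()}
    except zipfile.BadZipFile:
        return {"verdict": "not-a-jar", "matched": [], "missing": sorted(EXPECTED)}
    matched = sorted(EXPECTED & names)
    missing = sorted(EXPECTED - names)
    if not missing:
        verdict = "layout-match"
    elif matched:
        verdict = "partial-match"
    else:
        verdict = "no-match"
    return {"verdict": verdict, "matched": matched, "missing": missing}


def build_sample(entries) -> bytes:
    """Build a constructed in-memory JAR holding placeholder bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name in entries:
            jar.writestr(name, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: entry names only, no real class content.
    samples = {
        "full layout": build_sample(sorted(EXPECTED) + ["META-INF/MANIFEST.MF"]),
        "one shared name": build_sample(["com/example/Main.class", "apps/MyApplet.class"]),
        "unrelated": build_sample(["com/example/Main.class"]),
    }
    for label, blob in samples.items():
        print(label, triage_jar(blob))
```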
If the computer is running a vulnerable version of Java, TrojanDownloader:Java/OpenStream.BF downloads and executes a file with a random file name in the %TEMP% folder. The file name varies; in the wild it has been known to be one of the following:
- add.exe
- upd.exe
Analysis by Patrik Vicol
Last update 17 February 2012