TrojanDownloader:Java/Halliandaw.A


First posted on 14 March 2012.
Source: Microsoft

Aliases:

TrojanDownloader:Java/Halliandaw.A is also known as Trojan-Downloader.Java.Halliandaw (Ikarus).

Explanation:

TrojanDownloader:Java/Halliandaw.A is a Java applet trojan that may download and execute arbitrary files. It exploits a vulnerability in the Java Runtime Environment (JRE) described in CVE-2011-3544. This vulnerability allows an unsigned Java applet, detected as Exploit:Java/CVE-2011-3544, to load with elevated privileges.


TrojanDownloader:Java/Halliandaw.A may arrive as a .JAR package hosted on a compromised or malicious webpage. It may be installed in a drive-by malware attack, without the user's consent. It contains a .class file detected as Exploit:Java/CVE-2011-3544.

If TrojanDownloader:Java/Halliandaw.A runs on a computer on which a vulnerable version of Java is installed, Exploit:Java/CVE-2011-3544 runs and then attempts to download and execute arbitrary files in the %TEMP% folder. In the wild, it has been observed to download files detected as Trojan:Win32/Ransom.EJ.
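
A defender-side check for the behaviour described above, as an added example that is not part of the original write-up: it flags process-creation events in which a Java process starts an executable from a %TEMP% location. The event field names (modelled on Sysmon's `ParentImage`/`Image`), the list of Java process names, the %TEMP% path patterns and the sample events are assumptions constructed for illustration.

```python
import re

# Assumption: process names under which the Java runtime hosts applets.
JAVA_PARENTS = {"java.exe", "javaw.exe", "jp2launcher.exe"}

# Assumption: usual expansions of %TEMP%, including 8.3 short paths.
TEMP_DIR = re.compile(
    r"^[a-z]:\\(?:users\\[^\\]+\\appdata\\local\\temp"
    r"|documents and settings\\[^\\]+\\local settings\\temp"
    r"|docume~1\\[^\\]+\\locals~1\\temp"
    r"|windows\\temp)\\",
    re.IGNORECASE,
)


def basename(path):
    """Return the lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def flag_java_temp_children(events):
    """Return events where a Java process launched a binary from %TEMP%."""
    hits = []
    for ev in events:
        parent = basename(ev.get("ParentImage", ""))
        image = ev.get("Image", "")
        if parent in JAVA_PARENTS and TEMP_DIR.match(image):
            hits.append(ev)
    return hits


# Constructed sample events (not taken from a real incident).
SAMPLE_EVENTS = [
    {"ProcessId": 4112, "ParentImage": r"C:\Program Files\Java\jre6\bin\java.exe",
     "Image": r"C:\Users\alice\AppData\Local\Temp\update.exe"},
    {"ProcessId": 4200, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Users\alice\AppData\Local\Temp\setup.exe"},
    {"ProcessId": 4316, "ParentImage": r"C:\Program Files\Java\jre6\bin\javaw.exe",
     "Image": r"C:\Program Files\Java\jre6\bin\jp2launcher.exe"},
    {"ProcessId": 4420, "ParentImage": r"C:\PROGRA~1\Java\jre6\bin\java.exe",
     "Image": r"C:\DOCUME~1\bob\LOCALS~1\Temp\a.exe"},
]

if __name__ == "__main__":
    for hit in flag_java_temp_children(SAMPLE_EVENTS):
        print("suspicious child of Java:", hit["ProcessId"], hit["Image"])
```

Only the first and last sample events are flagged: the second has a non-Java parent, and the third is a Java child that does not run from a %TEMP% path.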



Analysis by Marianne Mallen

Last update 14 March 2012
