TrojanDownloader:Java/OpenStream.BY
First posted on 26 October 2012.
Source: Microsoft
Aliases:
TrojanDownloader:Java/OpenStream.BY is also known as Exploit.Java.CVE-2012-0507.bu (VirusBuster), Exploit.Java.CVE-2012-0507.ni (Kaspersky), Exploit-CVE2012-1723 (McAfee), Java/Exploit.CVE-2012-1723.J (ESET), Trojan.Maljava (Symantec).
Explanation:
TrojanDownloader:Java/OpenStream.BY is an obfuscated Java applet that attempts to download and execute files from a malicious website. The applet uses Exploit:Java/CVE-2012-1723 to exploit a vulnerability in the Java Runtime Environment (JRE) which enables the trojan to download and execute files.
For information on the exploit, including a list of the versions of Java that are affected, an explanation of Java exploits, and further technical information, please see the encyclopedia entry for Exploit:Java/CVE-2012-1723.
TrojanDownloader:Java/OpenStream.BY may be served from a malicious website as a JAR file (Java archive container).
The archive contains several Java class files, such as the following:
- arLode.class
- drithq.class
- huibe.class
- kezur.class
- oikk.class
- taralab.class
- xryak.class
If the Java applet is loaded on a vulnerable computer, it attempts to download an arbitrary file from a remote website. The file that is downloaded can vary.
Note: This detection may be triggered when you visit a website that contains the malicious code, even if you are not using a vulnerable version of the JRE. This does not mean that you have been compromised; rather, it means that an attempt to compromise your computer has been made.
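A triage check for the class file names listed above, as an added example (not part of the original entry and not Microsoft's detection logic): it reads a JAR's file listing without extracting or running anything, and flags the archive when several of the listed names are present. The function names, the `min_hits` threshold and the in-memory sample JAR are assumptions constructed for illustration.

```python
import io
import zipfile

# Class file names listed in this entry for TrojanDownloader:Java/OpenStream.BY.
LISTED_CLASSES = {
    "arLode.class", "drithq.class", "huibe.class", "kezur.class",
    "oikk.class", "taralab.class", "xryak.class",
}


def listed_classes_in_jar(jar):
    """Return the sorted archive paths whose base name is a listed class.

    `jar` is a path or a binary file object. Only the ZIP directory is
    read; nothing in the archive is extracted or executed.
    """
    try:
        with zipfile.ZipFile(jar) as archive:
            names = archive.namelist()
    except zipfile.BadZipFile:
        return []  # not a readable ZIP/JAR container
    return sorted(n for n in names if n.rsplit("/", 1)[-1] in LISTED_CLASSES)


def triage(jar, min_hits=3):
    """Flag the JAR when at least `min_hits` listed names are present.

    min_hits is an assumed threshold, chosen so that a single
    coincidental file name does not flag an archive.
    """
    hits = listed_classes_in_jar(jar)
    return {"hits": hits, "flagged": len(hits) >= min_hits}


def constructed_jar(entry_names):
    """Build an in-memory JAR of empty placeholder entries (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in entry_names:
            archive.writestr(name, b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    sample = constructed_jar(["META-INF/MANIFEST.MF", "arLode.class",
                              "kezur.class", "xryak.class", "Main.class"])
    print(triage(sample))
```

A match on file names alone is a reason to quarantine the JAR and scan it, not a verdict; the entry gives these names only as examples of what the archive contains.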
Related encyclopedia entries
Exploit:Java/CVE-2012-1723
Analysis by Stefan Sellmer
Last update 26 October 2012