
Exploit:Java/Blacole.BI


First posted on 28 August 2019.
Source: Microsoft

Aliases:

Exploit:Java/Blacole.BI is also known as JS/Exploit-Blacole.b, Troj/Java-BI, JAVA_BLACOLE.G.

Explanation:

Exploit:Java/Blacole.BI is malicious Java code that exploits a vulnerability in the Java Runtime Environment component of Oracle Java SE and Java for Business that allows the execution of arbitrary code. The vulnerability is further described in CVE-2010-0840.

Installation:

This exploit may be encountered when visiting a compromised webpage that contains the malicious code. The code is created by an attacker using the "Blackhole" Exploit Kit and inserted into a compromised webpage. When the page is visited by a user running vulnerable versions of Java, the malicious Java class runs and allows the execution of arbitrary code.

In the wild, this exploit was observed to be distributed within a Java archive file named "field.jar" and within a collection of other Java class malware, as in the following example list of files:

Option.class - Exploit:Java/Blacole.BI
Search.class - Exploit:Java/Blacole.BD
SP.class - Exploit:Java/Blacole.BE
ThreadParser.class - Exploit:Java/Blacole.BF
XSLT.class - Exploit:Java/Blacole.BG

One other observed sample contained the following collection of malicious Java class files:

Option.class - Exploit:Java/Blacole.BI
Parser.class - Exploit:Java/CVE-2010-0840.NG
SmartyPointer.class - Exploit:Java/Blacole.BJ
ThreadParser.class - Exploit:Java/Blacole.BK
XML.class - Exploit:Java/Blacole.BL

Payload:

Downloads arbitrary files

Exploit:Java/Blacole.BI attempts to download and execute additional malware to the infected system.

Analysis by Zarestel Ferrer

Last update 28 August 2019
