Jon (j_b) wrote,

Computer Over. Virus = Very Yes

Thought you'd saved your friends and family by getting them to switch to Firefox?

You might want to take the additional step mackys recommends and disable Java and JavaScript too.


Report from my Main Man Edgar (ClamWin free antivirus):

C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-2839ab5b.zip: Java.Downloader.OpenStream.A FOUND

C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-5fda7c69-3ea89bf1.zip: Java.ClassLoader.24564 FOUND


Yes, there are Java trojans out there. Opening up the OpenStream trojan in Notepad reveals it's a signed Java applet, complete with a Thawte certificate, issued to "SLOTCH" dot com aka "Integrated Search Technologies". (I'd turn off Java and JavaScript before looking there. I haven't looked, but a search on their name reveals they're some Canadian online casino deal or something.) The gist is it loads up as a signed app, and (probably) pops up a dialog saying "Hi, this signed program wants to do something, is that OK?" and if the user clicks yes (and is on Windows), it cheerfully downloads all sorts of God-knows-what, and your compy pees your carpet.

I'm saving octal dump copies of these files; if anyone wants 'em for dissection, post a reply here.
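A triage sketch for reports like the one above, added here as an example and not part of the original post: it pulls the path and signature name out of a "FOUND" line, flags hits inside the Java plug-in cache, and checks whether an archive carries jarsigner signature block files. The function names and the sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# Report lines look like "<path>: <signature> FOUND". The path itself holds a
# colon after the drive letter, so the greedy match splits on the last ": ".
REPORT_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND\s*$")
# Signature block files that jarsigner places under META-INF/.
SIG_BLOCK_RE = re.compile(r"^META-INF/[^/]+\.(RSA|DSA|EC)$", re.IGNORECASE)
JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"


def parse_report_line(line):
    """Return (path, signature, in_java_cache), or None for non-detection lines."""
    m = REPORT_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    return path, m.group("sig"), JAVA_CACHE in path.lower()


def signature_blocks(jar_bytes):
    """List the signature block files in a JAR; an empty list means unsigned."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        return sorted(n for n in jar.namelist() if SIG_BLOCK_RE.match(n))


def make_sample_jar(signed):
    """Constructed sample archive with placeholder contents, not a real applet."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("Example.class", b"placeholder")
        if signed:
            jar.writestr("META-INF/SAMPLE.SF", "Signature-Version: 1.0\n")
            jar.writestr("META-INF/SAMPLE.RSA", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    line = (r"C:\Documents and Settings\User\Application Data\Sun\Java\Deployment"
            r"\cache\javapi\v1.0\jar\msjld.jar-5fda7c69-3ea89bf1.zip: "
            "Java.ClassLoader.24564 FOUND")
    print(parse_report_line(line))
    print(signature_blocks(make_sample_jar(signed=True)))
```

A signature block file only shows that the archive was signed by someone; it says nothing about whether the signer is trustworthy, and `jarsigner -verify` is what checks that the signature is intact.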
