Exploit:Java/CVE-2008-5353.JJ is based on a vulnerability that affects the Java Virtual Machine (JVM) up to and including version 6 update 10. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system, outside its "sandbox" environment.
The vulnerability exploits a relationship between serializable objects, the programming entities which can be persisted beyond the lifespan of a parent process, and a non-serializable superclass constructor method defined in the derived class.
The vulnerability has been exploited by malware to gain access to a user's computer to download and install malicious programs. The malware installation may occur when a malicious Java applet is executed by a vulnerable JVM. This scenario can occur when a user visits a malicious Web page that hosts such an applet. Note that a number of legitimate Web sites could be compromised or unwillingly host a malicious applet through advertising frames which could redirect to or host a malicious Java applet.
Exploit:Java/CVE-2008-5353.JJ is a Java applet that contains a file named "LoaderX.class". The applet exploits the CVE-2008-5353 vulnerability and executes "LoaderX.class" with elevated privileges.
Downloads arbitrary files
When the Java component "LoaderX.class" runs, it may download and execute malicious programs from a specified Web site.
It is not uncommon for antivirus software to detect malicious Java applets in a Web browser's cache. Such a detection does not necessarily mean that the system is compromised. Most of the time it reflects the fact that at some stage a Web page with a malicious applet was visited and cached internally. To stop such notifications, it is often enough to purge the cache using the Web browser's configurable security options.
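A triage sketch for the cache case described above, added here as an example and not part of the original analysis: it walks a cache directory, identifies archives by content, and reports any that contain an entry named "LoaderX.class". The directory layout and sample files are constructed for the demonstration, and a name match is only a lead for further inspection, not a verdict.

```python
import os
import tempfile
import zipfile

INDICATOR = "LoaderX.class"  # class file name given in the description above


def scan_cache(root):
    """Return sorted (archive_path, entry_name) pairs for archives under root
    that contain an entry whose base name is INDICATOR."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            # Cache files may lack a .jar extension, so identify
            # archives by content rather than by file name.
            try:
                if not zipfile.is_zipfile(path):
                    continue
                with zipfile.ZipFile(path) as zf:
                    names = zf.namelist()
            except (OSError, zipfile.BadZipFile):
                continue  # unreadable or truncated cache entry
            for name in names:
                if name.rsplit("/", 1)[-1] == INDICATOR:
                    hits.append((path, name))
    return sorted(hits)


def build_sample_cache(root):
    """Constructed test data: one archive with the indicator name, one without,
    and one non-archive file. Contents are placeholder bytes, not real classes."""
    os.makedirs(os.path.join(root, "12"), exist_ok=True)
    flagged = os.path.join(root, "12", "3fa9c0-cached")  # no extension on purpose
    with zipfile.ZipFile(flagged, "w") as zf:
        zf.writestr("pkg/LoaderX.class", b"placeholder")
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    with zipfile.ZipFile(os.path.join(root, "clean.jar"), "w") as zf:
        zf.writestr("app/Main.class", b"placeholder")
    with open(os.path.join(root, "12", "3fa9c0-cached.idx"), "wb") as fh:
        fh.write(b"not a zip")
    return flagged


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_cache(tmp)
        for archive, entry in scan_cache(tmp):
            print(f"{archive}: contains {entry}")
```

Point `scan_cache` at the actual cache directory on the system being examined; the function only reads files and never modifies or deletes them.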
Analysis by Dan Kurc
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.