
Exploit:Java/CVE-2008-5353.JJ


Exploit:Java/CVE-2008-5353.JJ is based on a vulnerability which affects Java Virtual Machine (JVM) up to and including version 6 update 10. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system, outside its "sand box" environment.


What to do now

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an up-to-date antivirus product such as the following:
 
 
For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.
Update vulnerable applications
This threat exploits known vulnerabilities in the Java Runtime Environment. After removing this threat, make sure that you install the updates available from the vendor. You can read more about these vulnerabilities in Java applets, as well as where to download the software update from the following links:

Threat behavior

The vulnerability lies in the relationship between serializable objects (programming entities that can be persisted beyond the lifespan of their parent process) and a non-serializable superclass constructor method defined in the derived class.
 
The vulnerability has been exploited by malware to gain access to a user's computer to download and install malicious programs. The malware installation may occur when a malicious Java applet is executed by a vulnerable JVM. This scenario can occur when a user visits a malicious Web page that hosts such an applet. Note that a number of legitimate Web sites could be compromised or unwillingly host a malicious applet through advertising frames which could redirect to or host a malicious Java applet.
Installation
Exploit:Java/CVE-2008-5353.JJ is a Java applet that contains a file named "LoaderX.class". The applet exploits the CVE-2008-5353 vulnerability and executes "LoaderX.class" with elevated privileges.
Payload
Downloads arbitrary files
When the Java component "LoaderX.class" runs, it may download and execute malicious programs from a specified Web site.
Additional Information
It is not uncommon for antivirus software to detect malicious Java applets in a Web browser's cache. This does not necessarily mean that the system is compromised. Most of the time it reflects the fact that, at some stage, a Web page with a malicious applet was visited and cached internally. To stop such notifications, it is often enough to purge the cache using the Web browser's configurable security options.
 
Analysis by Dan Kurc
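
A defender-side check for the cached applets discussed under Additional Information, as an added example that is not part of the original entry: it walks a Java or browser cache directory and reports archives that contain the "LoaderX.class" entry named under Installation. The cache directory is supplied by the caller (no path is given in this entry), and a matching file name is only a lead for review, not proof of this threat.

```python
import os
import zipfile

# Class file name taken from this entry's Installation section.
INDICATOR = "LoaderX.class"


def archive_has_indicator(path, indicator=INDICATOR):
    """Return True if `path` is a ZIP/JAR with an entry whose base name is `indicator`."""
    try:
        if not zipfile.is_zipfile(path):
            return False
        with zipfile.ZipFile(path) as jar:
            # Compare base names only, so the class is found inside any package.
            return any(
                name.replace("\\", "/").rsplit("/", 1)[-1] == indicator
                for name in jar.namelist()
            )
    except (OSError, zipfile.BadZipFile):
        # Unreadable or truncated cache entries are skipped, not counted as hits.
        return False


def scan_cache(cache_dir, indicator=INDICATOR):
    """Walk `cache_dir` and return the sorted paths of archives containing `indicator`."""
    hits = []
    for root, _dirs, files in os.walk(cache_dir):
        for fname in files:
            full = os.path.join(root, fname)
            # Cached applets may be stored without a .jar extension,
            # so every file is probed by content rather than by name.
            if archive_has_indicator(full, indicator):
                hits.append(full)
    return sorted(hits)


if __name__ == "__main__":
    import sys
    # Usage: python scan_cache.py <cache directory chosen by the operator>
    for hit in scan_cache(sys.argv[1]):
        print("review and purge:", hit)
```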

Symptoms

There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.

Prevention


Alert level: Severe
This entry was first published on: Aug 10, 2010
This entry was updated on: Apr 17, 2011

This threat is also detected as:
No known aliases