Exploit:Java/CVE-2009-3867.HD is a Java applet that attempts to exploit the vulnerability described in CVE-2009-3867, which may allow the execution of arbitrary code with escalated privileges.
Exploit:Java/CVE-2009-3867.HD may be encountered when visiting a malicious Web page. If the applet is opened within a vulnerable computer, it may allow execution of arbitrary code with escalated privileges.
When loaded, the applet checks whether the computer is running Windows. If not, it terminates itself.
Executes arbitrary code
Depending on the version of Java installed, Exploit:Java/CVE-2009-3867.HD will do either of the following:
Attempts to exploit CVE-2009-3867 and execute arbitrary code that downloads and executes a file as "%TEMP%\pdfupd.exe".
Attempts to exploit CVE-2009-3868 (detected as Exploit:Java/CVE-2008-5353.JJ), which loads the malicious Java class "DyesyasZ.class" (detected as TrojanDownloader:Java/OpenConnection.ES) with elevated permissions. It then downloads a remote file as "%TEMP%\<RANDOM>.EXE".
It is not uncommon for antivirus software to detect malicious Java applets in a Web browser's cache. This does not necessarily mean that the system is compromised. Most of the time it reflects the fact that at some stage a Web page carrying a malicious applet was visited and cached locally. To stop such notifications it is often enough to purge the cache using the Web browser's security options.
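As an added example (not part of this entry or any vendor tool), the following script shows how a responder can walk a cache directory and flag the two artifacts named above: a jar containing the "DyesyasZ.class" class and a file named like the dropped payload "pdfupd.exe". The cache path and the sample cache contents are assumptions constructed for the demonstration.

```python
import os
import tempfile
import zipfile

# Indicators taken from this entry. Only the names are matched; a real
# triage would also hash the files and submit the jar for analysis.
SUSPECT_CLASS = "DyesyasZ.class"
SUSPECT_DROP = "pdfupd.exe"


def scan_cache(root):
    """Walk `root` (e.g. the Java deployment cache or %TEMP%) and return a
    list of (path, reason) tuples for every jar containing the suspect class
    and every file whose name matches the dropped payload."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == SUSPECT_DROP:
                hits.append((path, "dropped payload name"))
                continue
            if not zipfile.is_zipfile(path):
                continue
            try:
                with zipfile.ZipFile(path) as jar:
                    # Strip any package path so a class nested in a
                    # package directory is still recognised by its name.
                    names = [n.rsplit("/", 1)[-1] for n in jar.namelist()]
            except zipfile.BadZipFile:
                continue
            if SUSPECT_CLASS in names:
                hits.append((path, "jar contains " + SUSPECT_CLASS))
    return hits


def build_sample_cache():
    """Constructed fixture (not real malware): one benign jar, one jar that
    carries the suspect class name as an empty stub, and an empty file
    named like the dropped payload."""
    root = tempfile.mkdtemp(prefix="javacache_")
    with zipfile.ZipFile(os.path.join(root, "benign.jar"), "w") as z:
        z.writestr("Hello.class", b"")
    with zipfile.ZipFile(os.path.join(root, "cached.jar"), "w") as z:
        z.writestr("DyesyasZ.class", b"")  # empty stub, only the name matters
    open(os.path.join(root, "pdfupd.exe"), "wb").close()
    return root


if __name__ == "__main__":
    for path, why in scan_cache(build_sample_cache()):
        print(path, "->", why)
```

Run it against the real cache by calling `scan_cache()` on the browser or Java deployment cache directory instead of the constructed fixture.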
See the following link for more information about the vulnerability described in CVE-2009-3867 and CVE-2009-3868:
Analysis by Rodel Finones
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.