The threat checks to see if your PC is running a vulnerable version of Java or Adobe Reader.
We have seen it try to use the following vulnerabilities:
(Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1)
(Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier)
(Oracle Java SE 7 update 15 and earlier, 6 update 41 and earlier, and 5.0 update 40 and earlier)
(Java SE 7 update 17 and earlier, and OpenJDK 7)
We have seen the threat hosted on pages at the following URLs:
The landing page might look like the following:
If your PC has vulnerable software installed this threat can download other malware, including:
Analysis by Shawn Wang
Alerts from your security software may be the only symptom.