is a detection for a malicious Java applet stored within a Java Archive (.JAR) that attempts to exploit a vulnerability in a Java Runtime Environment (JRE) component of Oracle Java SE JDK and JRE 7, and 6 Update 27 and earlier. The vulnerability, discussed in CVE-2011-3544, allows an unsigned Java applet to gain elevated privileges and potentially obtain unrestricted access to run arbitrary Java code outside of the "sandbox" environment.
The JAR package may consist of the following class files:
- malicious class detected as Exploit:Java/CVE-2011-3544.E
- a legitimate class from Allatori, a Java obfuscator
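The following script is an added triage example, not part of this encyclopedia entry or of any Microsoft tooling. It inventories the class files inside a JAR, checks whether the archive carries the META-INF signature files an unsigned applet would lack, and flags class files whose bytes contain a marker string. The sample JAR is constructed in memory from placeholder bytes, and the `Allatori` marker is an assumed heuristic chosen only to illustrate the check; real obfuscator identification relies on proper signatures.

```python
import io
import zipfile
from dataclasses import dataclass, field

CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # every valid .class file starts with this
# Hypothetical marker: a real detection would use vendor signatures, not one string.
OBFUSCATOR_MARKER = b"Allatori"


def build_sample_jar() -> bytes:
    """Constructed sample: an unsigned JAR with an applet class, a helper class
    carrying the marker string, a manifest and a resource. The class bodies are
    placeholder bytes, not real bytecode and not malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n\r\n")
        jar.writestr("Applet.class", CLASS_MAGIC + b"\x00" * 16)
        jar.writestr("a/b/Util.class", CLASS_MAGIC + b"# Allatori " + b"\x00" * 8)
        jar.writestr("res/data.bin", b"\x00\x01")
    return buf.getvalue()


@dataclass
class JarReport:
    class_files: list = field(default_factory=list)
    signed: bool = False
    suspect_obfuscator: list = field(default_factory=list)
    invalid_class_magic: list = field(default_factory=list)


def inspect_jar(data: bytes) -> JarReport:
    """Inventory a JAR's class entries and note whether it is structurally signed.
    'signed' only means signature files are present; it does not verify them."""
    report = JarReport()
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        names = jar.namelist()
        meta = [n for n in names if n.upper().startswith("META-INF/")]
        # A signed JAR carries META-INF/*.SF plus a matching *.RSA, *.DSA or *.EC block
        sig_files = [n for n in meta if n.upper().endswith(".SF")]
        key_blocks = [n for n in meta if n.upper().endswith((".RSA", ".DSA", ".EC"))]
        report.signed = bool(sig_files) and bool(key_blocks)
        for name in names:
            if not name.endswith(".class"):
                continue
            report.class_files.append(name)
            body = jar.read(name)
            if not body.startswith(CLASS_MAGIC):
                report.invalid_class_magic.append(name)
            if OBFUSCATOR_MARKER in body:
                report.suspect_obfuscator.append(name)
    return report


if __name__ == "__main__":
    rep = inspect_jar(build_sample_jar())
    print("class files:", rep.class_files)
    print("signed (structurally):", rep.signed)
    print("marker hits:", rep.suspect_obfuscator)
    print("bad class magic:", rep.invalid_class_magic)
```

The signed flag is deliberately conservative: it reports only whether the signature entries exist. To actually validate a JAR's signature chain, run the JDK's `jarsigner -verify` against the file; an archive that fails that check, or has no signature files at all, is exactly the kind of unsigned applet the vulnerability above lets out of the sandbox.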
Downloads arbitrary files
is used in drive-by download attacks. Any web browser running a vulnerable Java version may be exposed to malicious code purposely designed to download and install arbitrary files, often malware.
has been observed being served from servers running the Blackhole exploit kit, which is currently prevalent in the wild.
Analysis by Methusela Cebrian Ferrer
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.