TrojanDownloader:Java/OpenConnection is the detection for a Java based malware family that exploits a vulnerability discussed in CVE-2010-0094. The vulnerability affects Java Runtime Environment (JRE) up to and including version 6 release 18, and makes it possible for untrusted code to gain browser security privileges under the user's account.

A user may encounter threat from this family when visiting a compromised website. If the user is using a vulnerable version of Java, successful exploitation resulting in infection can occur. Threats such as this can often be avoided by ensuring the most up to date software is installed on the computer. To prevent reinfection and avoid similar exploits, make sure up to date security patches are applied to the Java Runtime Environment.

Update vulnerable Java applications

This threat exploits a known vulnerability in Java Runtime Environment. After removing this threat, make sure that you install the updates available from the vendor. You can read more about this vulnerability in Java, as well as where to download the software update from the following links:

• CVE-2010-0094
• Java Download

It may be necessary to remove older versions of Java that are still present. Keeping old and unsupported versions of Java on your system presents a serious security risk. To read more about why you should remove older versions of Java, see the following information.

• Remove older versions of Java

TrojanDownloader:Java/OpenConnection.PM is an obfuscated Java applet that attempts to download and execute arbitrary files from a remote host. It is usually bundled with other malware that exploits the vulnerability described in CVE-2010-0840.

The vulnerability allows this malware to download and run arbitrary files. The trojan may also be encountered when visiting a compromised or malicious webpage with a vulnerable computer.

The following versions of Java are vulnerable to this exploit:

• JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux; Java SE
• JDK 5.0 Update 23 and earlier for Solaris; Java SE
• SDK 1.4.2_25 and earlier for Solaris; Java SE
• JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux; Java for Business
• JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux; Java for Business
• SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux; Java for Business

Install updates to prevent infection

This malware exploits known vulnerabilities.

Make sure that you install all available updates from the vendor and remove old versions of Java in order to avoid this exploit. You can read more about this vulnerability and download software updates from these links:

• CVE-2010-0840
• Oracle advisory
• Java Download
• Remove older versions of Java

TrojanDownloader:Java/OpenConnection.OS is a Java applet trojan that may allow the downloading and execution of arbitrary malicious files.

TrojanDownloader:Java/OpenConnection.OU is an obfuscated Java class applet trojan that attempts to download and execute arbitrary files from remote servers.