is the detection for an obfuscated Java class that is part of a bundled malicious Java applet. The applet exploits the vulnerability described in CVE-2008-5353 and can be used to download and run arbitrary files from a malicious website.
OpenConnection.ES may be encountered when visiting a malicious webpage. The exploit consists of the following Java class files:
Successful exploitation of CVE-2008-5353 on a vulnerable system allows the downloader Trojan to be invoked with elevated privileges and do the following:
- Downloads an arbitrary file from a remote site as "%TEMP%\<random file name>.EXE"
- Executes the downloaded binary
Analysis by Rodel Finones
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.
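Since the download-and-execute behaviour described above leaves no visible symptoms, process-creation telemetry is one place to look for it. The following is an added example, not part of the original analysis: it flags events in which a Java host process starts an .EXE located directly in a Temp directory. The `Image` and `ParentImage` field names follow Sysmon Event ID 1; the list of Java host processes, the Temp path patterns and all sample events are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumption: the applet runs inside one of these Java host processes.
JAVA_HOSTS = {"java.exe", "javaw.exe", "jp2launcher.exe"}

# Assumption: typical locations %TEMP% resolves to (long and 8.3 short forms).
TEMP_DIR = re.compile(
    r"^[a-z]:\\(users\\[^\\]+\\appdata\\local\\temp"
    r"|docume~1\\[^\\]+\\locals~1\\temp"
    r"|documents and settings\\[^\\]+\\local settings\\temp"
    r"|windows\\temp)$"
)

def _norm(path):
    # Strip quoting, unify separators and case so comparisons are stable.
    return ntpath.normpath(path.strip().strip('"')).lower()

def is_suspicious(event):
    """True when a Java host process starts an .EXE located directly in Temp."""
    parent = ntpath.basename(_norm(event.get("ParentImage", "")))
    folder, name = ntpath.split(_norm(event.get("Image", "")))
    return (parent in JAVA_HOSTS
            and name.endswith(".exe")
            and TEMP_DIR.match(folder) is not None)

def hunt(events):
    return [e for e in events if is_suspicious(e)]

# Constructed sample events; paths and file names are made up.
JAVA = r"C:\Program Files\Java\jre6\bin\java.exe"
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\alice\AppData\Local\Temp\kq3v9x.EXE",
     "ParentImage": JAVA},
    {"Image": r"C:\DOCUME~1\bob\LOCALS~1\Temp\a81f.exe",
     "ParentImage": r"C:\Program Files\Java\jre6\bin\javaw.exe"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\setup.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},   # not started by Java
    {"Image": r"C:\Program Files\Java\jre6\bin\keytool.exe",
     "ParentImage": JAVA},                         # not in Temp
    {"Image": r"C:\Users\alice\AppData\Local\Temp\sub\tool.exe",
     "ParentImage": JAVA},                         # in a subfolder of Temp
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print("ALERT:", hit["ParentImage"], "->", hit["Image"])
```

Legitimate Java-based installers can also launch executables from Temp, so hits need triage rather than automatic blocking.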