is a Java applet trojan that may allow the downloading and execution of arbitrary malicious files.
may be served from a malicious website as a Java archive (JAR) file, and has been observed exploiting the vulnerability described in CVE-2010-0840.
The applet is often bundled with TrojanDownloader:Java/OpenConnection.OU.
Downloads arbitrary files
The trojan attempts to download and execute arbitrary files from the remote server 'quemoten.com'.
In the wild, we have observed the trojan downloading the following files:
Analysis by Patrik Vicol
The following system changes may indicate the presence of this malware: