is an obfuscated Java class applet trojan that attempts to download and execute arbitrary files from remote servers.
is usually bundled with other malware that exploits the vulnerability described in CVE-2010-0840. When successful exploitation occurs, the trojan will download and execute files from remote servers.
The vulnerability can be exploited by the trojan to gain access to a user's computer to download and install malicious programs. Installation may occur when a malicious Java applet is executed by a vulnerable JRE (Java Runtime Environment). This can occur when a user visits a malicious webpage that hosts such an applet. Note that a number of legitimate websites could be compromised or unwillingly host a malicious applet through advertising frames which could redirect to or host a malicious Java applet.
Downloads and executes arbitrary files
If the exploitation is successful, TrojanDownloader:Java/OpenConnection.OU attempts to download and execute a malicious program from a specified URL, for example, varbosta.com.
Analysis by Marian Radu
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.