
TrojanDownloader:Java/OpenConnection.OU


TrojanDownloader:Java/OpenConnection.OU is an obfuscated Java class applet trojan that attempts to download and execute arbitrary files from remote servers.



What to do now

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:

For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.

Update vulnerable applications

This threat may exploit a known vulnerability in the Java Runtime Environment (JRE). To protect your computer from this malware, make sure that you install the updates available from the vendor. You can read more about this vulnerability from the following links:

Threat behavior

TrojanDownloader:Java/OpenConnection.OU is an obfuscated Java class applet trojan that attempts to download and execute arbitrary files from remote servers.

Installation

TrojanDownloader:Java/OpenConnection.OU is usually bundled with other malware that exploits the vulnerability described in CVE-2010-0840. When successful exploitation occurs, the trojan will download and execute files from remote servers.

The trojan exploits this vulnerability to gain access to a user's computer and download and install malicious programs. Installation may occur when a malicious Java applet is executed by a vulnerable JRE (Java Runtime Environment), typically when a user visits a malicious webpage that hosts such an applet. Note that a number of legitimate websites could be compromised, or could unknowingly host a malicious applet through advertising frames that redirect to or host a malicious Java applet.

Payload

Downloads and executes arbitrary files

If the exploitation is successful, TrojanDownloader:Java/OpenConnection.OU attempts to download and execute a malicious program from a specified URL, for example, varbosta.com.

Analysis by Marian Radu


Symptoms

There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.


Prevention


Alert level: Severe
First detected by definition: 1.111.2413.0
Latest detected by definition: 1.151.1570.0 and higher
First detected on: Sep 16, 2011
This entry was first published on: Sep 16, 2011
This entry was updated on: Oct 04, 2011

This threat is also detected as:
No known aliases