TrojanDownloader:Java/OpenConnection.PM
Aliases: Java/Exploit.CVE-2011-3544.BK (ESET), EXP/JAVA.Ternub.Gen (Avira), Troj/JavaDl-OG (Sophos), Exploit.Java_c.AJY (AVG), Trojan-Downloader.Java.OpenConnection (Ikarus), Trojan-Downloader.Java.OpenConnection.fe (Kaspersky)
Summary
TrojanDownloader:Java/OpenConnection.PM is an obfuscated Java applet that attempts to download and execute arbitrary files from a remote host. It is usually bundled with other malware that exploits the vulnerability described in CVE-2010-0840.
The vulnerability allows this malware to download and run arbitrary files. You may also encounter the trojan when a vulnerable computer visits a compromised or malicious webpage.
The following versions of Java are vulnerable to this exploit:
- JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux; Java SE
- JDK 5.0 Update 23 and earlier for Solaris; Java SE
- SDK 1.4.2_25 and earlier for Solaris; Java SE
- JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux; Java for Business
- JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux; Java for Business
- SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux; Java for Business
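The following Python checks version strings, in the legacy format printed by `java -version`, against the update thresholds listed above. It is an added example, not part of the original write-up or any Microsoft tooling; it ignores the platform and edition qualifiers and treats releases older than 1.4.2 as affected (both are assumptions), and the sample inventory is constructed.

```python
import re

# Highest affected update per release family, taken from the list above.
# Assumption: platform and edition (Java SE / Java for Business) are ignored.
AFFECTED_MAX_UPDATE = {(1, 6, 0): 18, (1, 5, 0): 23, (1, 4, 2): 25}
OLDEST_LISTED = min(AFFECTED_MAX_UPDATE)

# Legacy version format printed by `java -version`, e.g. 1.6.0_18
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")


def parse_version(text):
    """Return ((major, minor, micro), update), or None if no version is found."""
    m = VERSION_RE.search(text)
    if m is None:
        return None
    family = tuple(int(part) for part in m.group(1, 2, 3))
    update = int(m.group(4)) if m.group(4) else 0  # no "_NN" suffix means update 0
    return family, update


def classify(text):
    """Return 'affected', 'not-listed' or 'unparsed' for one version line."""
    parsed = parse_version(text)
    if parsed is None:
        return "unparsed"
    family, update = parsed
    if family in AFFECTED_MAX_UPDATE:
        return "affected" if update <= AFFECTED_MAX_UPDATE[family] else "not-listed"
    # Assumption: "and earlier" also covers releases older than 1.4.2.
    # 'not-listed' only means the build is outside this page's list.
    return "affected" if family < OLDEST_LISTED else "not-listed"


def audit(lines):
    """Classify every line of an inventory; returns (line, verdict) pairs."""
    return [(line, classify(line)) for line in lines]


# Constructed sample inventory (not real host data).
SAMPLE_INVENTORY = [
    'java version "1.6.0_18"',
    'java version "1.6.0_19"',
    'java version "1.4.2_25"',
    "java not found",
]

if __name__ == "__main__":
    for line, verdict in audit(SAMPLE_INVENTORY):
        print(f"{verdict:10}  {line}")
```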
Install updates to prevent infection
This malware exploits known vulnerabilities.
Make sure that you install all available updates from the vendor and remove old versions of Java in order to avoid this exploit. You can read more about this vulnerability and download software updates from these links:
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date security solution. The following Microsoft products detect and remove this threat:
- Microsoft Security Essentials or, for Windows 8, Windows Defender
- Microsoft Safety Scanner
Update vulnerable Java applications
This threat exploits a known vulnerability in Java. After removing this threat, make sure that you install the updates available from the vendor. You can read more about this vulnerability in Java, and find out where to download the software update, from the following links:
It may be necessary to remove older versions of Java that are still present. Keeping old and unsupported versions of Java on your system presents a serious security risk. To read more about why you should remove older versions of Java, see the following information.