Trojan:Java/Mugademel.A
First posted on 23 August 2010.
Source: SecurityHome
Aliases:
Trojan:Java/Mugademel.A is also known as Trojan-Downloader.Java.Agent.gh (Kaspersky), Java.Downloader.35 (Dr.Web), Sus/JavaMeO-B (Sophos).
Explanation:
Trojan:Java/Mugademel.A is a trojan that downloads malicious files and attempts to exploit a vulnerability in order to run arbitrary code. It attempts to exploit the vulnerability described in CVE-2009-3867 on affected computers.
Installation
Trojan:Java/Mugademel.A is the detection for a Java class that comes packaged as a .JAR file. The Java class contains a number of functions that are used to obfuscate its purpose. To achieve this obfuscation it employs a number of techniques, including:
- Using a substitution cipher; the malicious script and target file are obfuscated using a simple substitution cipher
- Using Java string functions; the URL string is built in parts of different parameter types and joined together using the Java string functions
- Inserting junk commands amongst the malicious code; this code consists of parameter initializations that are never used
Trojan:Java/Mugademel.A uses the CVE-2009-3867 vulnerability to download the file.
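As an added illustration for analysts (not code from the original write-up or from the malware), the Python sketch below undoes two of the techniques listed above on decompiled source: it rejoins a URL split across String, char and int fragments, and it lists initializations that are never read. The Java snippet, variable names and URL are constructed, and it assumes the fragments are joined only by concatenation (no integer arithmetic).

```python
import re

# Constructed stand-in for decompiled output; not taken from a real sample.
SAMPLE = '''
String p1 = "ht";
char p2 = 't';
String p3 = "p://";
int junkA = 4711;
String p4 = "download.example";
int p5 = 8080;
String junkB = "never read";
String url = p1.concat(String.valueOf(p2)).concat(p3) + p4 + ':' + p5 + "/file.bin";
'''

DECL = re.compile(r'^\s*(?:String|char|int)\s+(\w+)\s*=\s*(.+?);\s*$', re.M)
# string literal | char literal | integer literal | identifier
TOKEN = re.compile(r'"([^"]*)"|\'(.)\'|(\d+)|([A-Za-z_]\w*)')

def fold(expr, env):
    """Join operands in textual order. Concatenation is associative, so this
    equals the runtime value for chains of +, concat() and String.valueOf()."""
    parts = []
    for s, c, n, ident in TOKEN.findall(expr):
        if ident:
            if ident in env:          # known variable: substitute its value
                parts.append(env[ident])
            # other identifiers (String, concat, valueOf) carry no data
        else:
            parts.append(s or c or n)
    return "".join(parts)

def analyse(src):
    """Return ({var: recovered URL}, [variables initialised but never read])."""
    env, rhs_of = {}, {}
    for name, rhs in DECL.findall(src):   # declarations in source order
        rhs_of[name] = rhs
        env[name] = fold(rhs, env)
    used = {t[3] for rhs in rhs_of.values() for t in TOKEN.findall(rhs) if t[3] in rhs_of}
    urls = {n: v for n, v in env.items() if re.match(r'https?://', v)}
    junk = sorted(n for n in rhs_of if n not in used and n not in urls)
    return urls, junk

if __name__ == "__main__":
    urls, junk = analyse(SAMPLE)
    print("recovered:", urls)
    print("unused initialisations:", junk)
```

A high ratio of unused initializations to live code, together with a URL that only appears after folding, is a useful triage signal when reviewing an unknown .JAR.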
Analysis by Michael Johnson
Last update 23 August 2010