Trojan:Java/Rowindal.D
First posted on 10 November 2010.
Source: SecurityHome
Aliases :
Trojan:Java/Rowindal.D is also known as Java.Siggen.27 (Dr.Web), Java/Exploit.CVE-2010-0094.D (ESET), Trojan-Downloader.Java.OpenConnection.bw (Kaspersky), Mal/JavaKC-P (Sophos).
Explanation :
Trojan:Java/Rowindal.D is a detection for an obfuscated malicious Java class that attempts to exploit a vulnerability in the Java Runtime Environment (JRE) in order to run arbitrary code. This trojan, in combination with Exploit:Java/CVE-2010-0094.A, attempts to exploit the vulnerability described in CVE-2010-0094 to run the unauthorized code in a privileged context.
Installation
Trojan:Java/Rowindal.D may be executed when a user visits a malicious website on a computer running a vulnerable version of JRE. In the wild, this trojan may be served from a malicious website, in combination with Exploit:Java/CVE-2010-0094.A, as a Java applet, in order to download and execute arbitrary files.
Payload
Downloads and executes arbitrary files
Once Trojan:Java/Rowindal.D is loaded, it attempts to do the following:
- Download a file from a remote website
- Save the downloaded file in a Windows TEMP folder
- Run the downloaded file
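A defender-side check for the payload behaviour listed above, as an added example that is not part of the original entry: it correlates Sysmon-style file-creation and process-creation events to flag a file that a Java process writes to TEMP and a Java process then launches. The Java process names, the TEMP path patterns, the event layout and the sample events are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumption: Windows JRE host processes that can run applet code.
JAVA_HOSTS = {"java.exe", "javaw.exe", "jp2launcher.exe"}

# Assumption: usual system and per-user TEMP locations (8.3 short paths not handled).
TEMP_DIR = re.compile(
    r"^[a-z]:\\(?:windows\\temp"
    r"|users\\[^\\]+\\appdata\\local\\temp"
    r"|documents and settings\\[^\\]+\\local settings\\temp)\\",
    re.IGNORECASE,
)

def is_temp_path(path):
    """True if the normalized Windows path lies under a TEMP directory."""
    return bool(TEMP_DIR.match(ntpath.normpath(path)))

def find_drop_and_run(events):
    """Return TEMP paths written by a Java process and then launched by one.

    events: time-ordered dicts with Sysmon-style fields
    (id 11 = file created, id 1 = process created).
    """
    dropped, hits = set(), []
    for ev in events:
        if ev["id"] == 11:
            writer = ntpath.basename(ev["Image"]).lower()
            target = ntpath.normpath(ev["TargetFilename"]).lower()
            if writer in JAVA_HOSTS and is_temp_path(target):
                dropped.add(target)
        elif ev["id"] == 1:
            parent = ntpath.basename(ev["ParentImage"]).lower()
            image = ntpath.normpath(ev["Image"]).lower()
            if parent in JAVA_HOSTS and image in dropped:
                hits.append(image)
    return hits

# Constructed sample events (not taken from a real infection).
JAVA = r"C:\Program Files\Java\jre6\bin\java.exe"
TEMP = r"C:\Users\alice\AppData\Local\Temp"
SAMPLE_EVENTS = [
    {"id": 11, "Image": JAVA, "TargetFilename": TEMP + r"\update.exe"},
    {"id": 11, "Image": JAVA, "TargetFilename": TEMP + r"\hsperfdata_alice\1234"},
    {"id": 1, "ParentImage": r"C:\Windows\explorer.exe", "Image": TEMP + r"\setup.exe"},
    {"id": 1, "ParentImage": JAVA, "Image": TEMP + r"\update.exe"},
]

if __name__ == "__main__":
    for path in find_drop_and_run(SAMPLE_EVENTS):
        print("ALERT: Java-dropped file executed from TEMP:", path)
```

Only the first file is reported: the second is written by Java but never run, and the third runs from TEMP but was neither written nor launched by a Java process.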
Analysis by Wei Li
Last update 10 November 2010