Trojan:W32/Needy is a Java-applet based program that changes the Internet Explorer start page and search settings to ones contained in the trojan. Needy activates when user views a web page or HTML email that contains reference to the trojan file.
When a JAR file containing the trojan is executed it uses Microsoft Internet Explorer VerifierBug vulnerability to get full privileges by escaping the Java security, and execute its code. Then the trojan creates a temporary file for registry settings and modifies the registry using regedit.exe.
The trojan modifies following registry keys:
- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Use Search Asst
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
To remove Needy.A from your system apply the fix to the Java VM vulnerability, clear temporary Internet files cache and remove the Internet Explorer settings modifications using IE Internet options menu.
Further information about the vulnerability in the Microsoft Java VM, including a fix, is available at: http://www.microsoft.com/technet/security/bulletin/ms03-011.asp
This variant is functionally close to Needy.A in addition of modifying Internet Explorer search settings as Needy.A does, it also adds a list of pornographic shortcuts to browser favourite and adds a pornographic shortcut to desktop.