Needy.F is a Java applet based trojan that changes the
Internet Explorer start page changes search settings to
ones contained in the trojan and downloads a trojan
downloader. Needy activates when user views a web page or
HTML E-mail that contains reference to the trojan file.
The Needy.F is activated when a web site containing the
trojan is loaded with unpacthed Microsoft Internet Explorer
browser. When the JAR file containing the trojan is executed
it uses Microsoft Internet Explorer VerifierBug vulnerability to get
full privileges by escaping the Java security, and execute its
code.
When executed the trojan downloads a list of instructions from a web
site, by which the trojan trojan modifies the Internet Explorer start page
to point to the site where the trojan is downloaded from, changes
search settings and adds addresses to the visited pages history.
Unlike earlier variants on Needy family Needy.F is directed by
instructions downloaded from a web page. The web page can specify
what to which page the trojan changes the Internet start page and
search settings. Also the page contains a list of web sites that
are copied into the Internet Explorer page history, to make it
appear that user would have been visiting certain pornographic services.
In addition to changing the Internet Explorer settings the trojan
tries to download a trojan from a website and execute it. Although
this page seems no longer to contain the trojan executable.