Summary
Needy.G is a Java applet-based trojan that changes the
Internet Explorer start page, changes search settings to
ones contained in the trojan, and downloads a trojan
downloader. Needy activates when a user views a web page or
HTML e-mail that contains a reference to the trojan file.
Needy.G is otherwise identical to Needy.F except it downloads
the instructions from a different address.
Additional Details
Needy.G is activated when a web site containing the
trojan is loaded with an unpatched Microsoft Internet Explorer
browser. When the JAR file containing the trojan is executed,
it uses the Microsoft Internet Explorer VerifierBug vulnerability
to escape Java security restrictions, gain full privileges and
execute its code.
When executed, the trojan downloads a list of instructions from a web
site. Following these instructions, the trojan modifies the Internet
Explorer start page to point to the site where the trojan is downloaded
from, changes search settings and adds addresses to the visited pages
history.
Like Needy.F, Needy.G is directed by instructions downloaded
from a web page. The web page can specify the pages to which
the trojan changes the Internet Explorer start page and search
settings. The page also contains a list of web sites that are
copied into the Internet Explorer page history, to make it appear
that the user has been visiting certain pornographic services.
In addition to changing the Internet Explorer settings, the trojan
tries to download a trojan from a website and execute it, although
this page no longer seems to contain the trojan executable.
Detection
Detection in F-Secure Anti-Virus was published on April 2nd, 2004 in
update:
[FSAV_Database_Version]
Version=2004-04-02_01
Write-up:
Jarno Niemela, April 2nd, 2004