Summary

Needy trojan family consists of trojans thatare written in Java and use vulnerability in Microsoft Internet Explorer Java Runtime. Usually these trojans change Internet Explorer homepage and search settings and some variants also download executable trojans.

This variant Needy.K changes Internet Explorer start page and search settings to adult sites and downloads trojan executable.

Disinfection

Removal Instructions

http://support.f-secure.com/enu/home/virusproblem/howtoclean/removetrojan.shtml

Additional Details

The Needy.K is activated when a web site containing the trojan is loaded with unpacthed Microsoft Internet Explorer browser. When the JAR file containing the trojan is executed it uses Microsoft Internet Explorer VerifierBug vulnerability to get full privileges by escaping the Java security, and execute its code.

Detection

Detection in F-Secure Anti-Virus was published on June 4th, 2004 in update:

[FSAV_Database_Version]
Version=2004-06-04_02

Write-up: Jarno Niemela, June 29th, 2004;