F-Secure Virus Descriptions : Openconnection


NAME: Openconnection
ALIAS: Java/Openconnection.A

Summary

Openconnection is a family of Java applet-based trojan downloaders that infect Internet Explorer through a malicious web page that uses the Java classloader byteverify exploit or another vulnerability in Internet Explorer.

These trojans usually download other trojan/spyware components on the system.

The easiest way to be safe from these trojans is to make sure that Internet Explorer is up to date. Even with an updated IE, the trojans are sometimes downloaded, but they cannot activate.

Disinfection

Removal Instructions

http://support.f-secure.com/enu/home/virusproblem/howtoclean/removetrojan.shtml

Or, if you are using the Sun Java runtime:

http://support.f-secure.com/enu/home/virusproblem/howtoclean/cleanjavacache.s...




Detailed Description

Installation to system

The Openconnection trojans install themselves from a malicious web page that contains a reference to the trojan. The trojan uses a vulnerability in the classloader system of the Microsoft Java runtime that allows the malicious applet to break out of the sandbox and gain the same access as any other executable running with the user's permissions.

Further information about the vulnerability in the Microsoft Java VM, including a fix, is available at: http://www.microsoft.com/technet/security/bulletin/ms03-011.asp

Spreading in

Malicious web pages that contain references to the trojans.

Payload

After being executed, these trojans usually download executable components that are either further parts of the trojan or spyware being dropped by the trojan.




Write-up: Jarno Niemela, September 9th, 2005

F-Secure Corporation