The Openconnection is a family of Java applet based trojan downloaders,
that infect Internet Explorer through malicous web page that uses Java
classloader byteverify exploit or other vulnerability in Internet Explorer.
These trojans usually download other trojan/spyware components on the system.
The easiest way to be safe from these trojans is to make sure that
Internet Explorer is up to date. Although even with updated IE
the trojans are sometimes downloaded but cannot activate.
The Openconnection trojans install themselves from a malicious web page
that contains a reference to the trojan. The trojan uses a vulnerability
in the classloader system of Microsoft Java runtime, that allows the
malicious applet to break out of the sandbox, and gain same access as any
other executable running with users permissions.
Malicious web pages that contain references to the trojans.
Payload
After being executed these trojans usually download executable components
that are either further parts of the trojan or spyware being dropped by
the trojan.
![](/images/pixel.gif"){kind=tracking}
