All Things Techie With Huge, Unstructured, Intuitive Leaps

Java Virus ???

I am a firm believer in Avira. I use it on all of my machines for anti-virus. The way that I became a believer was in Nassau, the Bahamas. We need a cheap machine to act as a modem answer gateway. We walked over to the local Radio Shack store and bought the cheapest Pentium-knock-off that they had. It came loaded with all sorts of stuff, like Microsoft Office, Adobe Photoshop and all of the expensive programs.

This being the Caribbean, and the land of the Pirates of the Caribbean, of course it was all cracked stuff, loaded with viruses. I did my best to clean the machine with every available package, including Norton, McAfee and such -- all to no avail. Avira (free personal download) was the only one that did it.

So, today, Avira began its scan, and this showed up in the transcript pad:

Begin scan in 'C:\'
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\19\33c334d3-7247e552
[0] Archive type: ZIP
--> main.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2012-0507 exploit

Beginning disinfection:
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\19\33c334d3-7247e552
[DETECTION] Contains recognition pattern of the EXP/CVE-2012-0507 exploit
[NOTE] The file was moved to the quarantine directory under the name '4af8d44b.qua'.

Holy crap, it was a Java virus. Here is more information:


Virus:EXP/CVE-2012-0507.A
Date discovered:19/03/2012
Type:Exploit
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Medium
VDF version:7.11.25.166
IVDF version:7.11.25.166

General Method of propagation:
• No own spreading routine


Aliases:
• Mcafee: Generic
• Kaspersky: Exploit.Java.CVE-2011-3544.lt
• Microsoft: Exploit:Java/CVE-2012-0507.A
• GData: Java:CVE-2011-3544-ET


Platforms / OS:
• Windows 2000
• Windows XP
• Windows 2003
• Windows Vista
• Windows Server 2008
• Windows 7


Side effects:
• Can be used to execute malicious code
• Makes use of software vulnerability
CVE-2012-0507

File details Programming language:
• Java

No comments:

Post a Comment