CERT-MU :Vulnerability

Home | Search | FAQ | Site Map | Contact Us

|| Hotline : 800 2378 || To contact CERT-MU send e-mail on --> info[at]cert-mu.gov.mu || To report incident e-mail on --> incident[at]cert-mu.gov.mu || To report Vulnerabilities send e-mail on --> Vulnerability[at]cert-mu.gov.mu ||

Charter & Mission

CERT-MU Services

Constituency

Authority

Incident Reporting

Vulnerability Reporting

Incident Statistics Forms

Vol. 2, Feb 2012

Vol. 1, Oct 2011

World CERTs

Security Sites

Security Tools

Antivirus Resources

Email Abuse

Network Abuse

Anti-Spam Initiative

Cyber Security Portal

Safer Internet Day

Computer Security Day

National Computer Board

Authorized to use CERT(TM) - CERT is a mark owned by Carnegie Mellon University

CERT-MU Virus Alert VA-2010-5

JAVA_WEBSTART.A

Original issue date: April 9, 2010

Description

Trend Micro has flagged this malware as noteworthy due to the increased potential for damage, propagation, or both, that it possesses. Specifically, it exploits the recently discovered Java Vulnerability to allow an attacker to run commands on the affected system.

Malware Overview

This Java Applet is hosted on a Web site and run by a malicious JavaScript that exploits the Java Web Start vulnerability.
It may be hosted in the following Web site:

http://www.{BLOCKED}ancomcareers.com/vasek

The malicious JavaScript file is detected by Trend Micro as JS_WEBSTART.A.
This Java Applet first checks if it is running in a Microsoft Windows Operating Sytem. It then connects to the URL where this malware is hosted and attempts to download a file. As of this writing, however, it does not successfully download any files.

Platforms Affected

Windows 98, ME, NT, 2000, XP, Server 2003

Solution:

For Windows ME and XP users, before doing any scans, please make sure you disable System Restore to allow full scanning of your computer.

Step 1: Close all opened browser windows

Step 2: Remove malware files related to JAVA_WEBSTART.A

JS_WEBSTART.A

Step 3: Scan your computer with your Trend Micro product to delete files detected as JAVA_WEBSTART.A

*Note: If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.

Step 4: Download and apply security patches released by the vendor

http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html

Note: Refrain from using these products until the appropriate patches have been installed. Trend Micro advises users to download critical patches upon release by vendors.

References

http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=
JAVA_WEBSTART.A&VSect=Sn

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

E-mail:

Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
9th Floor, Stratton Court
La Poudriere Street
Port Louis