JAVA_DLOADER.DLP

This Java File is a product of the Social-Engineer Toolkit (SET) used in penetration testing and advanced technological attacks in a social-engineering type of environment.

This Trojan may arrive bundled with malware packages as a malware component. It may be unknowingly downloaded by a user while visiting malicious websites. It may be hosted on a website and run when a user accesses the said website.

Arrival Details

This Trojan may arrive bundled with malware packages as a malware component.

It may be unknowingly downloaded by a user while visiting malicious websites.

It may be hosted on a website and run when a user accesses the said website.

Installation

This Trojan drops the following file(s)/component(s):

• %Temp%\42logfile42.tmp - non malicious log

(Note: %Temp% is the Windows Temporary folder, which is usually C:\Windows\Temp or C:\WINNT\Temp.)

NOTES:

This Java File is a product of the Social-Engineer Toolkit (SET) used in penetration testing and advanced technological attacks in a social-engineering type of environment.

It is a universal applet that determines the running OS and then downloads a file and saves it in %User Profile% and executes it. As a result, malicious routines of the downloaded files are exhibited on the affected system.

The accessed URLs can be acquired from other component files.

The downloaded files are saved as follows:

• For Windows: {random characters}.exe
• For Mac OS, UNIX, LINUX: {random characters}.bin

It then executes the downloaded files.

It requires its main component to successfully perform its intended routine.

Also, for this applet to execute properly, it should be signed. As a signed applet, it can disguise itself as an applet or application from a reliable source and can be trusted to run with the permissions granted in the policy file.