JAVA_DLOADER.DSA

This malware was downloaded from a fake Trend Micro page.

This Trojan may arrive bundled with malware packages as a malware component. It may be unknowingly downloaded by a user while visiting malicious websites. It may be hosted on a website and run when a user accesses the said website.

Arrival Details

This Trojan may arrive bundled with malware packages as a malware component.

It may be unknowingly downloaded by a user while visiting malicious websites.

It may be hosted on a website and run when a user accesses the said website.

It may be downloaded from the following remote sites:

• hxxp://{BLOCKED}e.{BLOCKED}icro-portal.com/Signed_Update.jar

Installation

This Trojan drops the following file(s)/component(s):

• %Temp%\42logfile42.tmp - non malicious log

(Note: %Temp% is the Windows Temporary folder, which is usually C:\Windows\Temp.)

NOTES:

This Java file is a product of Social-Engineer Toolkit (SET) used in penetration testing and advanced technological attacks in a social-engineering type environment.

This Java file is a universal applet that first determines the running OS. It then downloads a file and saves it in %User Profile%. The downloaded file is executed and as a result, malicious routines of the downloaded files are exhibited on the affected system.

The accessed ULRs can be acquired from other component files.

The downloaded files are saved as the following:

• For Windows: {random characters}.exe
• For Mac OS, UNIX, LINUX: {random characters}.bin

This applet should be signed in order for it to execute properly. As a signed applet, it can disguise itself as an applet or application from a reliable source and can be trusted to run with the permissions granted in the policy file.