
Mal/JavaKnE-H

Posted: August 28, 2012

Threat Metric

Threat Level: 2/10
Infected PCs: 50
First Seen: August 28, 2012
OS(es) Affected: Windows

Mal/JavaKnE-H is a malicious Java applet that's used to install Trojans (such as the recently-identified Dropper.MsPMs and Troj/Agent-XNE). If you have Java enabled in your browser, visiting a site that hosts Mal/JavaKnE-H results in automatic attacks against your PC, and even updating Java isn't an adequate defense – since no patch has been released yet for the security flaw that Mal/JavaKnE-H exploits. SpywareRemove.com malware researchers have been unable to find any symptoms related to Mal/JavaKnE-H's attack, which is hosted on the domain ok.XXX4.net. Trojans that are installed by Mal/JavaKnE-H are potentially high-level security threats. Whenever you suspect any contact with Mal/JavaKnE-H, you should analyze your machine with anti-malware software and remove such PC threats as soon as you can.

Why Mal/JavaKnE-H May Strike Despite All of Your Precautions

Mal/JavaKnE-H loads on malicious or hacked sites as a Java applet without visible symptoms – and with a Trojan payload that is identified as Troj/Agent-XNE. You should always scan your PC with anti-malware software after any potential contact with Mal/JavaKnE-H-hosting websites, and the SpywareRemove.com malware research team additionally encourages you to routinely disable Java whenever it's not required by a trustworthy site. Mal/JavaKnE-H's Java exploit (which shouldn't be confused with JavaScript-based ones) launches automatically unless you have other security measures enabled – such as anti-malware programs that can detect Mal/JavaKnE-H or its current website, Cxweb/BadDlod-G.

Java versions JRE 1.7x are all vulnerable to Mal/JavaKnE-H's exploit, and, if Oracle keeps to its usual patching cycle, will not receive security patches for Mal/JavaKnE-H until October this year. SpywareRemove.com malware experts also note that Mal/JavaKnE-H has compatibility with multiple web browsers, although, as far as operating systems are concerned, Mal/JavaKnE-H appears to be limited to Windows (so far).

Mal/JavaKnE-H's sole purpose is to install malicious software onto your PC, and you should consider your PC potentially infected after any possible exposure to a Mal/JavaKnE-H-hosting site – or even advertisement.
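Because the applet runs without visible symptoms, web proxy logs are one place to check for exposure. The triage sketch below is an added example, not code from SpywareRemove.com: the log format, host names and addresses are constructed, and it assumes the proxy records the Java runtime's own User-Agent (containing `Java/1.7.`) for requests made by the plug-in.

```python
import re
from datetime import datetime, timedelta

# Constructed proxy log lines (not taken from the page).
# Fields: timestamp, client IP, URL, response content type, "user agent".
SAMPLE_LOG = """\
2012-08-28T10:15:02 10.0.0.21 http://applet-host.example/a/app.jar application/java-archive "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_06"
2012-08-28T10:15:05 10.0.0.21 http://applet-host.example/a/load.php application/octet-stream "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_06"
2012-08-28T10:20:11 10.0.0.34 http://intranet.example/tools/report.jar application/java-archive "Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_33"
2012-08-28T10:20:40 10.0.0.34 http://intranet.example/setup.exe application/x-msdownload "Mozilla/5.0 (Windows NT 5.1) Firefox/14.0"
2012-08-28T11:02:30 10.0.0.55 http://vendor.example/console.jar application/java-archive "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_05"
"""

LINE = re.compile(r'(\S+) (\S+) (\S+) (\S+) "([^"]*)"')
JRE17 = re.compile(r'\bJava/1\.7\.')  # assumed User-Agent marker of a JRE 1.7 runtime
APPLET_TYPES = {"application/java-archive", "application/x-java-archive", "application/java-vm"}
BINARY_TYPES = {"application/octet-stream", "application/x-msdownload", "application/x-dosexec"}
WINDOW = timedelta(seconds=60)  # how soon after the applet a download counts as related

def triage(log_text):
    """Return {client: 'applet-loaded' | 'payload-fetched'} for JRE 1.7 clients."""
    last_applet = {}  # client -> time its JRE 1.7 runtime last fetched applet code
    findings = {}
    for line in log_text.splitlines():
        m = LINE.fullmatch(line.strip())
        if not m:
            continue  # skip lines that do not fit the constructed format
        ts, client, url, ctype, agent = m.groups()
        if not JRE17.search(agent):
            continue  # request was not made by a JRE 1.7 runtime
        when = datetime.fromisoformat(ts)
        if ctype in APPLET_TYPES:
            last_applet[client] = when
            findings.setdefault(client, "applet-loaded")
        elif (ctype in BINARY_TYPES and client in last_applet
              and when - last_applet[client] <= WINDOW):
            findings[client] = "payload-fetched"  # the JVM itself pulled a binary
    return findings

if __name__ == "__main__":
    for client, status in sorted(triage(SAMPLE_LOG).items()):
        print(client, status)
```

Both result classes warrant a scan: `applet-loaded` only shows that a JRE 1.7 runtime fetched remote applet code, which also happens with legitimate applets, while `payload-fetched` is the stronger signal.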

Where Mal/JavaKnE-H Goes from Here

Mal/JavaKnE-H's Java exploit has been recently made public and, as a consequence, is very likely to be included in other attacks in the future – such as BEK or Blacole attacks that are configurable to deliver many types of PC threats across many platforms. Current Mal/JavaKnE-H payloads are focused on delivering backdoor Trojans that are capable of granting remote attackers access to your PC. Consequences of such security breaches can include:

  • The installation of other PC threats on your hard drive.
  • Security programs (Task Manager, anti-virus scanners) being disabled.
  • Security features that are changed to be inactive – usually via the Windows Registry. For example, Trojans installed by Mal/JavaKnE-H may change Internet Explorer's security zones to make web-browsing unsafe.
  • Loss of confidential information due to spyware-related attacks or direct access to the relevant information through the associated backdoor Trojan.