Trojan-Downloader:Java/GetShell.A
Posted: July 10, 2012
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 31 |
| First Seen: | July 10, 2012 |
| OS(es) Affected: | Windows |
Just as you'd expect from its name, Trojan-Downloader:Java/GetShell.A is a Java-based Trojan downloader that installs other PC threats (specifically, one of several backdoor Trojans, depending on the victim's operating system). At the time of this article's writing, SpywareRemove.com malware researchers have only seen Trojan-Downloader:Java/GetShell.A on a single hacked website for Colombia-based transportation, although Trojan-Downloader:Java/GetShell.A may also be seen on other websites in the future. Trojan-Downloader:Java/GetShell.A requires your permission to run before it can install its backdoor Trojan; paying attention to which applets you allow to run on your PC can help to prevent Trojan-Downloader:Java/GetShell.A-related attacks from achieving their goals.
Don't Be Too Quick to Trust Trojan-Downloader:Java/GetShell.A's 'Signed' Applet
As a Java applet that's hosted on compromised websites, Trojan-Downloader:Java/GetShell.A may be mistaken for safe content by PC users who are used to automatically allowing Java-related features to run without looking very closely at what they're doing. Although Trojan-Downloader:Java/GetShell.A is signed, its signature is self-provided (that is, self-signed) and, as such, completely worthless for security or identity verification purposes. Depending on your PC's OS and other factors, the prompt that Trojan-Downloader:Java/GetShell.A launches may warn that Trojan-Downloader:Java/GetShell.A is an untrusted and potentially dangerous applet.
The prompt that Trojan-Downloader:Java/GetShell.A's certificate creates will give you the option to run Trojan-Downloader:Java/GetShell.A, which uses the generic name 'Java' and purports to be associated with the 'ComuTV' company. SpywareRemove.com malware researchers note that refusing this prompt will prevent Trojan-Downloader:Java/GetShell.A from running, and, thus, leave your PC safe from harm. However, if you accept this prompt, your PC will be infected by one of several types of backdoor Trojans.
Trojan-Downloader:Java/GetShell.A: Offering Cross-Platform Compatibility in All the Worst Ways
Trojan-Downloader:Java/GetShell.A attempts to detect your operating system before Trojan-Downloader:Java/GetShell.A installs the aforementioned backdoor Trojan. Once Trojan-Downloader:Java/GetShell.A does this, Trojan-Downloader:Java/GetShell.A will install one of three identically-behaving Trojans:
- Backdoor:OSX/GetShell.A
- Backdoor:W32/GetShell.A
- Backdoor:Linux/GetShell.A
These backdoor Trojans are designed for Apple's OS X, Microsoft's Windows and the open source Linux operating system, respectively. No matter which Trojan infects your PC, they all attempt to connect to a specific IP address to receive additional instructions.
This backdoor also has a high chance of being used for other attacks, as is typical for all backdoor Trojans. PC threats that are installed by Trojan-Downloader:Java/GetShell.A may steal personal information such as bank account passwords, install other forms of harmful software, redirect your browser, change your operating system's settings without your consent or disable necessary security programs. Hence, SpywareRemove.com malware researchers rate any successful Trojan-Downloader:Java/GetShell.A attack as an extreme compromise of your PC's security, to be remedied by anti-malware software suitable for your OS.
The single compromised site that has been accidentally responsible for distributing Trojan-Downloader:Java/GetShell.A has been shut down, although chances remain high that other sites will be compromised in a similar fashion in the future.
Technical Details
File System Modifications
The following files were created in the system:
Java.class
File name: Java.class
Size: 4.19 KB (4195 bytes)
MD5: a65a6d0adf2d4eca0a1d640e9385c3ab
Detection count: 88
Mime Type: unknown/class
Group: Malware file
Last Updated: July 11, 2012
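An added example, not part of the original article or of any vendor tool: a Python sweep that looks for the Java.class indicator listed above (4195 bytes, MD5 a65a6d0adf2d4eca0a1d640e9385c3ab), both as a loose file and as a member of a JAR/ZIP archive. The function names and the pre-filter on size and class-file magic bytes are assumptions of this example.

```python
import hashlib
import os
import zipfile

# Indicator values as published on this page for Java.class.
PAGE_MD5 = "a65a6d0adf2d4eca0a1d640e9385c3ab"
PAGE_SIZE = 4195
CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # first four bytes of any compiled Java class


def matches(data, md5_hex=PAGE_MD5, size=PAGE_SIZE):
    """Cheap checks first (size, class magic), then the MD5 comparison."""
    if len(data) != size or not data.startswith(CLASS_MAGIC):
        return False
    return hashlib.md5(data).hexdigest() == md5_hex.lower()


def scan_archive(path, md5_hex, size):
    """Look for the indicator among the members of a JAR/ZIP archive."""
    hits = []
    try:
        with zipfile.ZipFile(path) as jar:
            for info in jar.infolist():
                # Filter on the declared size so large members are never inflated.
                if info.file_size == size and matches(jar.read(info), md5_hex, size):
                    hits.append(f"{path}!{info.filename}")
    except (zipfile.BadZipFile, RuntimeError):
        pass  # damaged or encrypted archive: nothing to compare
    return hits


def sweep(root, md5_hex=PAGE_MD5, size=PAGE_SIZE):
    """Walk root and return loose or archived files matching the indicator."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(4)
                    if head == CLASS_MAGIC and os.path.getsize(path) == size:
                        if matches(head + fh.read(), md5_hex, size):
                            hits.append(path)
                    elif head.startswith(b"PK"):
                        hits += scan_archive(path, md5_hex, size)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
    return sorted(hits)
```

A hash match identifies only this exact file; a recompiled or repacked variant will not match, so an empty result does not show that a machine is clean.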