Trojan-Downloader:Java/GetShell.A

Just as you'd expect from its name, Trojan-Downloader:Java/GetShell.A is a JavaScript-based Trojan downloader that installs other PC threats (specifically, one of several backdoor Trojans, depending on the victim's operating system). At the time of this article's writing, SpywareRemove.com malware researchers have currently only seen Trojan-Downloader:Java/GetShell.A on a single hacked website for Colombia-based transportation, although Trojan-Downloader:Java/GetShell.A may also be seen on other websites in the future. Trojan-Downloader:Java/GetShell.A does require your permission to run before Trojan-Downloader:Java/GetShell.A can install its backdoor Trojan; paying attention to which applets you allow to run on your PC can help to prevent Trojan-Downloader:Java/GetShell.A-related attacks from achieving their goals.

Don't Be Too Quick to Trust Trojan-Downloader:Java/GetShell.A's 'Signed' Applet

As a JavaScript applet that's hosted on compromised websites, Trojan-Downloader:Java/GetShell.A may be mistaken for safe content by PC users who are used to automatically allowing JavaScript-related features to run without looking very closely at what they're doing. Although Trojan-Downloader:Java/GetShell.A is signed, its signature is self-provided and, as such, completely worthless for security or identity verification purposes. Depending on your PC's OS and other factors, the prompt that Trojan-Downloader:Java/GetShell.A launches may warn that Trojan-Downloader:Java/GetShell.A is an untrusted and potentially dangerous applet.

The prompt that Trojan-Downloader:Java/GetShell.A certificates create will give you the option to run Trojan-Downloader:Java/GetShell.A, which uses the generic name 'Java' and purports to be associated with the 'ComuTV' company. SpywareRemove.com malware researchers note that refusing this prompt will prevent Trojan-Downloader:Java/GetShell.A from running, and, thus, leave your PC safe from harm. However, if you accept this prompt, your PC will be infected by one of several types of backdoor Trojans.

Trojan-Downloader:Java/GetShell.A: Offering Cross-Platform Compatibility in All the Worst Ways

Trojan-Downloader:Java/GetShell.A attempts to detect your operating system before Trojan-Downloader:Java/GetShell.A installs the aforementioned backdoor Trojan. Once Trojan-Downloader:Java/GetShell.A does this, Trojan-Downloader:Java/GetShell.A will install one of three identically-behaving Trojans:

• Backdoor:OSX/GetShell.A
• Backdoor:W32/GetShell.A
• Backdoor:Linux/GetShell.A

These backdoor Trojans are designed for the open source Linux operating system,, Microsoft's Windows and Apple's OS X, respectively. No matter which Trojan infects your PC, they all attempt to connect to a specific IP address to receive additional instructions.

This backdoor exploit also has a high chance to be used for other attacks, as typical for all backdoor Trojans. PC threats that are installed by Trojan-Downloader:Java/GetShell.A may steal personal information such as bank account passwords, install other forms of harmful software, redirect your browser, change your operating system's settings without your consent or disable necessary security programs. Hence, SpywareRemove.com malware researchers rate any successful Trojan-Downloader:Java/GetShell.A attack as an extreme compromise of your PC's security to be remedied by anti-malware software as suitable for your OS.

The single compromised site that has been accidentally responsible for distributing Trojan-Downloader:Java/GetShell.A has been shut down, although chances remain high that other sites will be compromised in a similar fashion in the future.

Technical Details