Exploit.Java.CVE-2013-0422.z
Exploit.Java.CVE-2013-0422.z is a Java exploit that spreads via a hijacked website, which hosts and pushes a malicious Java applet exploiting the CVE-2013-0422 vulnerability. The hijacked website, 'minjok.com', is a news website in Korean and English that mainly covers political events around the Korean peninsula. The website is currently closed. The attackers added a single line to the code of a page displaying the latest news about Korea. This line of code forced a visitor's Web browser to download and execute the malicious Java applet, Exploit.Java.CVE-2013-0422.z, hosted on the website. If the exploit succeeds, a malicious executable is downloaded to the victim's machine and run without any interaction from the PC user. The executable is also hosted on the hijacked website, with a file name disguised as a GIF image. The executable is a simple dropper and installer for the next attack stage.
Technical Details
File System Modifications
The following files were created in the system:
javaupdates.jar
File name: javaupdates.jar
Mime Type: unknown/jar
agentm.exe
File name: agentm.exe
File type: Executable File
Mime Type: unknown/exe
Registry Modifications
HKEY..\..\{Value}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
bspire = "%systemdrive%:\Temp\agentm.exe BSPIRE"
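A check for the persistence entry listed above, as an added example (not from the original page): it parses the text output of `reg query` for the Run key and flags values that match the page's value name or file name, or that launch an image from a Temp directory. The sample output, the expanded `C:\Temp` path and the Temp-directory heuristic are assumptions constructed for illustration.

```python
import re

# Indicators taken from the page; everything else here is constructed.
IOC_VALUE_NAME = "bspire"
IOC_IMAGE = "agentm.exe"

# One value line of `reg query` output: name, type and data separated by 4 spaces.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# First .exe path in the command line, quoted or not.
IMAGE_PATH = re.compile(r'"?([^"]+?\.exe)\b', re.IGNORECASE)

def parse_run_values(reg_output):
    """Yield (name, data) for each value line in `reg query` text output."""
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            yield m.group("name"), m.group("data").strip()

def findings(reg_output):
    """Return (name, image, reasons) for each suspicious autorun entry."""
    out = []
    for name, data in parse_run_values(reg_output):
        m = IMAGE_PATH.search(data)
        image = m.group(1) if m else data  # fall back to the raw data
        parts = [p.lower() for p in re.split(r"[\\/]", image)]
        reasons = []
        if name.lower() == IOC_VALUE_NAME:
            reasons.append("value name matches page indicator")
        if parts[-1] == IOC_IMAGE:
            reasons.append("image name matches page indicator")
        if any(p in ("temp", "tmp") for p in parts[:-1]):
            reasons.append("autorun image in a Temp directory")
        if reasons:
            out.append((name, image, reasons))
    return out

# Constructed sample of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run`
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\a\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    bspire    REG_SZ    C:\Temp\agentm.exe BSPIRE
    Updater    REG_SZ    C:\Users\a\AppData\Local\Temp\upd.exe
"""

if __name__ == "__main__":
    for name, image, reasons in findings(SAMPLE):
        print(f"{name}: {image} -> {'; '.join(reasons)}")
```

The Temp-directory rule also catches entries that use a different value or file name, so review its hits rather than treating them as confirmed infections.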