Home Malware Programs Malware Exploit.Java.CVE-2013-0422.z

Exploit.Java.CVE-2013-0422.z

Posted: April 22, 2013

Exploit.Java.CVE-2013-0422.z is a Java exploit, which spreads via a hijacked website that hosts and pushes a malicious Java applet exploiting the CVE 2013-0422 vulnerability. The malicious Java application, Exploit.Java.CVE-2013-0422.z, spreads via the infectious website called 'minjok.com', which turns out to be a news website in Korean and English languages including mainly political events around the Korean peninsula. The website is currently closed. The attackers added a single line in a page code displaying the latest news about Korea. This line of code pressed an attacked visitor's web browser to download and execute the malicious Java applet called Exploit.Java.CVE-2013-0422.z existing in the website. If exploited successfully, a malicious executable is downloaded to the victimized machine and run without the PC user's interaction. The executable is located on this hijacked website as well, hiding its file name as if it was a GIF image. The executable file is a malicious program, which serves as a simple dropper and installer for the next attack stage.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



javaupdates.jar File name: javaupdates.jar
Mime Type: unknown/jar
agentm.exe File name: agentm.exe
File type: Executable File
Mime Type: unknown/exe

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\{Value}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run bspire = "%systemdrive%:\Temp\agentm.exe BSPIRE"
Loading...