
JAVA_DLOADER.NTW

Posted: January 21, 2013

Threat Metric

Threat Level: 9/10
Infected PCs: 91
First Seen: January 21, 2013
OS(es) Affected: Windows

JAVA_DLOADER.NTW is a Java-based Trojan downloader that poses as a Java update in order to install a variant of Andromeda (a botnet Trojan with some of the characteristics of worms, banking Trojans and backdoor Trojans). Like many fake Java updates, JAVA_DLOADER.NTW's campaign coincides with a real Java update that corrects a previously unpatched security vulnerability. SpywareRemove.com malware researchers strongly recommend that you keep Java updated at all times, but they also encourage you to avoid suspicious sources for patches, since those are the channels that JAVA_DLOADER.NTW and similar PC threats abuse. If you have any reason to believe that JAVA_DLOADER.NTW has attacked your computer, remove JAVA_DLOADER.NTW's payload with appropriately advanced anti-malware utilities.

When Hastily Updating Your Machine Can Land You in Hot Water

At the same time as Java is being patched to correct CVE-2012-3174, a vulnerability that could be exploited even on otherwise fully updated PCs, JAVA_DLOADER.NTW is being distributed through web attacks that present it as a Java update. These fake updates may be served from various sites, but the current samples that SpywareRemove.com malware experts have analyzed came from fake news websites built for the explicit purpose of distributing malware like JAVA_DLOADER.NTW.

Ironically, JAVA_DLOADER.NTW uses Java as its vehicle for attacking a PC user who is hoping to plug security holes in Java: it proceeds to download several components of Andromeda, which may be detected as BKDR_ANDROM.NTW. BKDR_ANDROM.NTW is responsible for opening a basic backdoor and installing further components. SpywareRemove.com malware experts note that probable additional attacks include:

  • Keylogging attacks (recording keyboard input).
  • Capturing screenshots to steal information visually.
  • Targeting and stealing information related to financial sites and other browser-based confidential data, such as passwords or credit card numbers.
  • Efforts at blocking or disabling security programs and features, such as the Windows Firewall.

Keeping Java from Turning into a Trojan Horse Against Your Computer

Given JAVA_DLOADER.NTW's well-identified infection vector, SpywareRemove.com malware researchers first and foremost suggest that you update Java only from the official Java website and avoid software updates from unusual sources. Unfortunately, JAVA_DLOADER.NTW isn't the only means by which Andromeda variants such as BKDR_ANDROM.NTW are distributed; common PC threats like the Blackhole Exploit Kit may alternate between multiple ruses and exploits to infect your computer.

Any successful JAVA_DLOADER.NTW attack should be treated as a total compromise of both your PC's privacy and its security, and SpywareRemove.com malware experts recommend that you delete JAVA_DLOADER.NTW-related PC threats with suitable anti-malware software. Variants of Andromeda like those installed by JAVA_DLOADER.NTW attempt to avoid detection and deletion by most methods, and have even been observed reinstalling themselves after a partial removal attempt by inadequate software or by PC users.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: b125ec5be6ddd7ee3b7adeb0ef992ccf
Size: 4.27 KB (4270 bytes)
MD5: b125ec5be6ddd7ee3b7adeb0ef992ccf
Detection count: 20
Group: Malware file
Last Updated: January 22, 2013

File name: c4a9921c71bc419b654b3d348945936006f38a62
Size: 5.22 KB (5229 bytes)
MD5: e2ef3179f353137762b4b14e0dd44bbd
Detection count: 10
Group: Malware file
Last Updated: January 22, 2013

File name: javaupdate11.jar
Mime Type: unknown/jar
Group: Malware file

File name: javaupdate11.class
Mime Type: unknown/class
Group: Malware file

File name: up1.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: up2.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
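The hashes, sizes and file names above can be checked offline against a suspect machine or a disk image. The script below is an added example written for this page, not code from SpywareRemove.com or from any vendor tool. Only the MD5s, sizes and file names are taken from the listing; the directory layout it walks, the sample files it creates for the demo and the "match"/"suspicious" verdict names are assumptions made for the example.

```python
"""Offline IOC check for the JAVA_DLOADER.NTW / BKDR_ANDROM.NTW artifacts
listed on this page.

Added example: the MD5s, sizes and file names come from the page; everything
else (directory layout, the sample files, the verdict names) is an assumption
made for the demo.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# MD5 hashes listed on this page.
KNOWN_MD5 = {
    "b125ec5be6ddd7ee3b7adeb0ef992ccf",
    "e2ef3179f353137762b4b14e0dd44bbd",
}

# Sizes listed beside the two hashed files. A size match without a hash match
# can mean a repacked build, so it is reported only as weak evidence.
KNOWN_SIZES = {4270, 5229}

# File names listed on this page; no hash was published for these, so a name
# match alone is only "suspicious", not a confirmed hit.
KNOWN_NAMES = {"javaupdate11.jar", "javaupdate11.class", "up1.exe", "up2.exe"}


def md5_of(path, chunk=1 << 16):
    """MD5 of a file, read in chunks so large files are not loaded at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def classify(path):
    """Return (verdict, detail) for one file, or None if nothing matches.

    Strongest indicator wins: a listed MD5 beats a listed name, which beats a
    listed size.
    """
    p = Path(path)
    digest = md5_of(p)
    size = p.stat().st_size
    if digest in KNOWN_MD5:
        return "match", f"md5={digest}"
    if p.name.lower() in KNOWN_NAMES:
        return "suspicious", f"name={p.name}"
    if size in KNOWN_SIZES:
        return "suspicious", f"size={size} md5={digest}"
    return None


def scan(root):
    """Walk `root` and return {path: (verdict, detail)} for files with a hit."""
    hits = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = os.path.join(dirpath, name)
            try:
                result = classify(p)
            except OSError:
                continue  # locked or unreadable file: skip rather than abort
            if result:
                hits[p] = result
    return hits


def build_demo_tree(root):
    """Constructed sample tree (no real malware): a benign text file, a file
    carrying only the listed name, and a 4270-byte file with an unknown hash."""
    root = Path(root)
    (root / "Temp").mkdir(parents=True, exist_ok=True)
    (root / "Temp" / "readme.txt").write_bytes(b"nothing to see here\n")
    (root / "Temp" / "javaupdate11.jar").write_bytes(b"PK\x03\x04" + b"\0" * 64)
    (root / "Temp" / "repacked.bin").write_bytes(b"\xcc" * 4270)
    return root


def run_demo():
    """Build the constructed tree in a temp dir, scan it, and return
    {file name: (verdict, detail)}."""
    with tempfile.TemporaryDirectory() as tmp:
        hits = scan(build_demo_tree(tmp))
        return {Path(p).name: v for p, v in hits.items()}


if __name__ == "__main__":
    for name, (verdict, detail) in sorted(run_demo().items()):
        print(f"{verdict:10s} {name}  ({detail})")
```

Point `scan()` at a mounted image or a user's profile directory rather than the demo tree to use it for real. The two MD5s identify only the exact samples catalogued here; because Andromeda builds are repacked, treat name-only and size-only hits as leads to triage, not as confirmation, and, given the reinstall behaviour described above, run the check from a clean boot or rescue medium rather than inside the possibly infected Windows session.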