JAVA_DLOADER.NTW
Posted: January 21, 2013
Threat Metric
The fields shown on the Threat Meter, each of which carries a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The Volume Count criterion is relative to the daily detection count.
Trend Path: The Trend Path, using an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change in a threat's recent movement.
% Impact (Last 7 Days): This shows the change over a 7-day period in the frequency with which a malware threat infects PCs. The percentage impact correlates directly with the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 91 |
| First Seen: | January 21, 2013 |
| OS(es) Affected: | Windows |
JAVA_DLOADER.NTW is a Java-based Trojan downloader that disguises itself as a Java update as a lure to install a variant of Andromeda (a botnet-based Trojan with some of the characteristics of worms, banking Trojans and backdoor Trojans). Like many fake Java updates, JAVA_DLOADER.NTW's attack coincides with a real Java update that attempts to correct a previously-unpatched security vulnerability. While SpywareRemove.com malware researchers do strongly recommend that you keep Java updated at all times, they also encourage you to avoid suspicious sources for patches, which may be exploited by JAVA_DLOADER.NTW and similar PC threats. If you have any reason to believe that JAVA_DLOADER.NTW has attacked your computer, you can remove JAVA_DLOADER.NTW's payload with appropriately advanced anti-malware utilities.
When Hastily-Updating Your Machine Can Land You in Hot Water
At the same time as Java is being patched to correct the CVE-2012-3174 vulnerability that could be used to attack even updated PCs, JAVA_DLOADER.NTW is being distributed through web attacks that portray it as a Java update. These fake updates may be distributed through various sites, but current samples that SpywareRemove.com malware experts have analyzed include fake news websites that are designed for the explicit purpose of distributing malware like JAVA_DLOADER.NTW.
Ironically using Java as its vehicle for attacking a PC user who's hoping to plug security problems in Java, JAVA_DLOADER.NTW proceeds to download several components of Andromeda, which may be detected as BKDR_ANDROM.NTW. BKDR_ANDROM.NTW is responsible for creating basic backdoor vulnerabilities and installing further components. SpywareRemove.com malware experts have noted probable additional attacks as including:
- Keylogging attacks (recording keyboard input).
- Capturing screenshots to steal information visually.
- Targeting and stealing information related to financial sites and other browser-based confidential data, such as passwords or credit card numbers.
- Efforts at blocking or disabling security programs and features, such as the Windows Firewall.
Keeping Java from Turning into a Trojan Horse Against Your Computer
Given JAVA_DLOADER.NTW's very well-identified infection vector, SpywareRemove.com malware researchers, first and foremost, suggest that you update Java only from the actual Java website and avoid software updates from unusual sources. Unfortunately, JAVA_DLOADER.NTW isn't the only means by which Andromeda variants such as BKDR_ANDROM.NTW are distributed, and common PC threats like the Blackhole Exploit Kit may alternate multiple ruses and exploits to infect your computer.
Any successful JAVA_DLOADER.NTW attack should be considered equivalent to the total compromise of both your PC's privacy and its security, and SpywareRemove.com malware experts recommend that you delete JAVA_DLOADER.NTW-related PC threats with suitable anti-malware software. Variants of Andromeda like those installed by JAVA_DLOADER.NTW will attempt to avoid being detected or deleted by most methods, and have even been observed to reinstall themselves after a partial removal attempt by inadequate software or PC users.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:

File name: b125ec5be6ddd7ee3b7adeb0ef992ccf
Size: 4.27 KB (4270 bytes)
MD5: b125ec5be6ddd7ee3b7adeb0ef992ccf
Detection count: 20
Group: Malware file
Last Updated: January 22, 2013

File name: c4a9921c71bc419b654b3d348945936006f38a62
Size: 5.22 KB (5229 bytes)
MD5: e2ef3179f353137762b4b14e0dd44bbd
Detection count: 10
Group: Malware file
Last Updated: January 22, 2013

File name: javaupdate11.jar
Mime Type: unknown/jar
Group: Malware file

File name: javaupdate11.class
Mime Type: unknown/class
Group: Malware file

File name: up1.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: up2.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
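As an added example (not code from the original write-up), a small Python scanner that checks a directory tree for the dropped-file names and MD5 hashes listed above; the sample files it creates are constructed for the demonstration and do not contain the real malware, so the page's real hashes never match them.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Indicators copied from the Technical Details section of this write-up.
IOC_MD5 = {"b125ec5be6ddd7ee3b7adeb0ef992ccf", "e2ef3179f353137762b4b14e0dd44bbd"}
IOC_NAMES = {"javaupdate11.jar", "javaupdate11.class", "up1.exe", "up2.exe"}

def md5_of(path):
    """Stream the file through MD5 so large files need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def scan(root, md5s=IOC_MD5, names=IOC_NAMES):
    """Walk `root` and return sorted (path, reason) pairs for every file whose
    name or MD5 is in the indicator sets. A name match alone is weak evidence
    (a legitimate file may share the name); an MD5 match is strong."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            reasons = ["name"] if name.lower() in names else []
            try:
                if md5_of(p) in md5s:
                    reasons.append("md5")
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            if reasons:
                hits.append((str(p), "+".join(reasons)))
    return sorted(hits)

def demo():
    """Constructed sample tree. Its file contents are made up, so the page's
    real MD5s never match; the hash path is exercised by adding the MD5 of one
    constructed file to a copy of the indicator set."""
    with tempfile.TemporaryDirectory() as tmp:
        jar = Path(tmp) / "javaupdate11.jar"
        jar.write_bytes(b"constructed sample, not the real dropper")
        (Path(tmp) / "up1.exe").write_bytes(b"constructed sample 2")
        (Path(tmp) / "readme.txt").write_bytes(b"benign")
        return {
            "name_only": [r for _, r in scan(tmp)],
            "with_hash": [r for _, r in scan(tmp, md5s=IOC_MD5 | {md5_of(jar)})],
        }
```

On a real host, point `scan()` at the user's temp and Java directories and treat an MD5 hit as confirmed; a name-only hit still warrants pulling the file for analysis.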