Risk Assessment
- Home Users: Low
- Corporate Users: Low
Date Discovered: 6/18/2007
Date Added: 6/18/2007
Origin: N/A
Length: game.class (24,739 bytes)
Type: Trojan
SubType: Downloader
DAT Required: 5055
Virus Characteristics
Downloader-BCS is a Java applet trojan intended to silently download and execute malicious content from a remote server.
The trojan exploits a buffer overflow vulnerability in the Java Runtime Environment (JRE) that is triggered while parsing certain image file formats such as GIF.
When the applet is run on a victim machine with a vulnerable installation of the Java Runtime Environment, the trojan downloads another piece of malware from the remote server and executes it.
The following files are downloaded. The applet file (game.class) is 24,739 bytes in size.
- game.class --> Malicious Java applet
- picsj.exe --> variant of Proxy-Agent.o
The trojan automatically connects to the following domain to download additional malware.
- http://216.32.92[blocked]/
Indications of Infection
- Outgoing HTTP traffic to the domain http://216.32.92[blocked]/
Note: As the website being communicated with is normally controlled by the malware author, any files being downloaded can be remotely modified and the behavior of these new binaries altered, possibly with every user infection.
Method of Infection
This downloader trojan exists purely to steal sensitive information and to download and run other remote files. The downloader is run on the victim machine in a way that assists in masking its activity.
Removal Instructions
A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.