Windows 7 Forums


Windows 7: Trojan:Java/Boonana

04 Nov 2010   #1
JMH


Quote:


Summary

Trojan:Java/Boonana is the detection for a Java archive (.JAR) file that connects to a remote server to download files and to send information about the user's activities. It is known to be distributed as a link in messages in popular social networking sites such as Facebook. This trojan contains components that are installed on both Mac and Windows operating systems.



Symptoms

The following may indicate the presence of this malware:
  • You receive a message from a friend in Facebook or another social networking website containing a link. When you click on the link, you are prompted to install a Java applet.



Technical Information (Analysis)

Installation

Trojan:Java/Boonana may be hosted on a website and installed by unsuspecting users. Users of social networking sites such as Facebook may receive messages containing a link to the website. When a user clicks on the hyperlink, they are prompted to run a Java applet named "JPhotoAlbum.jar", which is detected as Trojan:Java/Boonana. It contains several components:

  • start.class - contains the main method and initialization functions
  • classprotect.class - contains the methods to download different file input streams from a given URL
  • a.jad - contains the methods to execute remote files
  • lake.jad - captures screenshots and downloads files (see Payload section below)
  • jphotoalbum.jad - encodes and decodes URLs, downloads files

When run, Trojan:Java/Boonana also drops the following files:

  • "._" - batch file
  • "_" - Java JAR file containing malicious java classes
  • "logo.gif" - clean GIF file
  • ".vbs" - VBS script used to call the Java runtime library
More -
Encyclopedia entry: Trojan:Java/Boonana - Learn more about malware - Microsoft Malware Protection Center
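
A triage check built on the component list quoted above, added here as an example (it is not code from the Microsoft entry or from the poster): it compares a JAR's entry names against the five listed components. The function names, the three-match threshold, the case-insensitive comparison and the in-memory sample archives are assumptions; entry names are a weak indicator that a rename defeats, so a hit is a reason to run a full scan rather than a verdict.

```python
import io
import zipfile

# Component names listed in the quoted write-up for "JPhotoAlbum.jar".
BOONANA_COMPONENTS = {
    "start.class", "classprotect.class", "a.jad", "lake.jad", "jphotoalbum.jad",
}
# Assumption: a single common name such as start.class is not enough to flag.
MIN_MATCHES = 3


def triage_jar(data: bytes) -> dict:
    """Report which of the listed component names appear in a JAR given as bytes."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return {"valid_jar": False, "matches": [], "suspicious": False}
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        # Compare lower-cased base names so nested or re-cased entries still match.
        names = {
            n.rsplit("/", 1)[-1].lower()
            for n in jar.namelist()
            if not n.endswith("/")
        }
    matches = sorted(names & BOONANA_COMPONENTS)
    return {"valid_jar": True, "matches": matches,
            "suspicious": len(matches) >= MIN_MATCHES}


def build_sample(entries) -> bytes:
    """Build a constructed in-memory JAR whose entries hold harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name in entries:
            jar.writestr(name, b"placeholder")
    return buf.getvalue()


# Constructed samples: one mirrors the listed layout, one is an ordinary applet.
SAMPLE_MATCHING = build_sample(
    ["META-INF/MANIFEST.MF", "start.class", "classprotect.class",
     "a.jad", "lake.jad", "jphotoalbum.jad"])
SAMPLE_BENIGN = build_sample(
    ["META-INF/MANIFEST.MF", "com/example/Start.class", "logo.gif"])

if __name__ == "__main__":
    for label, blob in (("matching", SAMPLE_MATCHING), ("benign", SAMPLE_BENIGN)):
        print(label, triage_jar(blob))
```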
