Quote:
Originally Posted by Fiery
Both IE8 and NOD32 throws an alert when visiting TRF. I've never had such issues before... NOD32 says:
*h*t*t*p*://nempesrsrioic.com/content/v1.jar
Java/TrojanDownloader.OpenConnection.AQ trojan
Does anyone else get such an alert? (I've put the asterisks in the URL)
|
Yes last night one of the exploits was a jar loader - the disguised message was "Java needs to update files for this site". The exploit was a Java Archive file that had a bundle of multiple executables that would stay resident in background while collecting data on the target machine.
This is usually a keystroke logger specifically designed to log any 16 digit number followed by a 4 digit number and associated name data. After a few days of collection and tracking your activity, the bot code snippet wakes us and reports the contents of the logger to the botnet controller.