Exp/20120507-A

Category: Viruses and Spyware
Protection available since: 02 Apr 2012 11:26:05 (GMT)
Type: Trojan
Last Updated: 02 Apr 2012 11:26:05 (GMT)
Prevalence: Major Outbreak

Exp/20120507-A is a detection for Java files designed to exploit the CVE-2012-0507 vulnerability.

CVE-2012-0507 is a logical flaw in the Java ‘AtomicReferenceArray’ object that results in the Java Runtime Environment (JRE) failing to sandbox code properly. This means that even a Java applet delivered in an untrusted web page can call system-level Java functions that can be used to execute malicious code. Because the vulnerability is a JRE logical flaw and does not rely on memory corruption, shellcode or data execution, it can be exploited very consistently.

This vulnerability is found in Java versions up to and including version 7 update 2, version 6 update 30, and version 5 update 33. For Windows and Linux, you can update Java from java.com. For OS X, use Apple's Software Update.
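The affected-version ranges above can be turned into an inventory check. The following is an added example, not Sophos code: it assumes the legacy version string format reported by `java -version` (for example 1.6.0_30), and the hostnames and versions in the sample inventory are constructed.

```python
import re

# Last affected update per Java family, as stated in the text above.
LAST_AFFECTED_UPDATE = {7: 2, 6: 30, 5: 33}

# Legacy version strings, e.g. "1.6.0_30" or "1.7.0_02-b13" (assumed format).
_VERSION_RE = re.compile(r"^1\.(\d+)\.\d+(?:_(\d+))?(?:-[\w.]+)?$")


def parse_java_version(version):
    """Return (family, update) for a legacy '1.F.0_UU' string, or None."""
    m = _VERSION_RE.match(version.strip().strip('"'))
    if not m:
        return None
    # A release with no "_UU" suffix is the initial release, i.e. update 0.
    return int(m.group(1)), int(m.group(2) or 0)


def is_affected(version):
    """True/False per the ranges above; None when the string cannot be judged."""
    parsed = parse_java_version(version)
    if parsed is None:
        return None
    family, update = parsed
    last = LAST_AFFECTED_UPDATE.get(family)
    if last is None:
        return None  # family not covered by the ranges given on this page
    return update <= last


def triage(inventory):
    """Split {host: version} into affected, newer and unknown host lists."""
    result = {"affected": [], "newer": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        verdict = is_affected(version)
        key = "unknown" if verdict is None else ("affected" if verdict else "newer")
        result[key].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "ws-01": "1.6.0_30",
    "ws-02": "1.7.0_03",
    "mac-01": "1.6.0_29",
    "srv-01": "1.5.0_22",
    "srv-02": "unknown build",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(bucket, hosts)
```

Hosts in the "unknown" bucket need a manual look rather than being treated as safe.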

This exploit has been seen in heavy use in Blackhole Exploit Kit v1.2.3.

This exploit shot to prominence in April 2012, when it was used to sneak malware onto Mac OS X computers worldwide. This led to the appearance of a very large botnet involving hundreds of thousands of infected Macs.

You can read about the timeline of the Mac botnet which appeared in April 2012, primarily due to the use of this exploit against OS X users, on Sophos's Naked Security site:

Examples of Exp/20120507-A include:

Example 1

File Information

Size: 5.7K
SHA-1: 00346a85de0fba281ddb5a10861545e782dca13c
MD5: 6a12459744f399fcd57d5aa13bcaf946
CRC-32: 02b8ba74
File type: application/octet-stream
First seen: 2012-04-03

Example 2

File Information

Size: 9.7K
SHA-1: 0099565d19c25ad6d0c89ee60bc0e190e3fcba96
MD5: 1fa9e56fc004d01c9bc58450a7207472
CRC-32: de5bdaf7
File type: application/zip
First seen: 2012-04-01

Example 3

File Information

Size: 9.6K
SHA-1: 01217d3e1af00f707e62d10d8cf5280bad52760d
MD5: 686e656b0bb662debbd66fd4af526a7b
CRC-32: 027a7bf7
File type: application/zip
First seen: 2012-04-01
