Virus Detail

Java/ByteVerify!exploit

Date Published:
7 Sep 2003

Last Updated:
21 May 2007

Threat Assessment

Overall Risk:   None
Wild:  None
Destructiveness:  None
Pervasiveness:  None

Characteristics

Type : Other

Category : 

Also known as: Blackbox Trojan, Exploit-ByteVerify, JS.ByteVerify!exploit, HTML/ByteVerify!exploit, HTML.ByteVerify!exploit, JS/ByteVerify!exploit, Java.ByteVerify!exploit, Java.ByteVerify.exploit, HTML.ByteVerify.exploit, Java/ByteVerify.Exploit.240.Troj, Java ByteVerifyExploit, Java/Shinwow.F.Blackbox.Trojan, Verify

Description

This is not a virus, but rather a method of exploiting a security vulnerability in the Microsoft Virtual Machine. The vulnerability arises because the ByteCode verifier in the Microsoft Virtual Machine does not correctly check for the presence of certain malformed code when a Java applet is loaded. Attackers could exploit this vulnerability by creating malicious Java applets and inserting them into web pages. These web pages could be hosted on a site by a malicious webmaster, or could be sent to users as an attachment. To read more about this issue, and to download the necessary patches, please visit:

http://www.microsoft.com/technet/security/bulletin/MS03-011.mspx

For more information, or for examples of this exploit in action, please see the description of the following malware (found elsewhere in the encyclopedia):

Note: this detection may be triggered by merely visiting a web page that contains malicious code. It does not necessarily mean your machine has been compromised, nor that your machine is vulnerable to this particular exploit.

-------------------------------------

Removal Instructions
Virus found in the Java™ Runtime Environment, Standard Edition (JRE) cache directory

Malicious applets may be detected in the JRE cache directory by your CA antivirus solution. The default installation path for this directory can be seen below:

C:\Documents and Settings\<username>\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\

These malicious applets are designed to exploit vulnerabilities in the Microsoft VM (for more information on this vulnerability, please see Microsoft Security Bulletin MS03-011).

For more information on these malicious applets and their use, please visit the Sun Microsystems Java Technology Help Knowledgebase here: http://java.com/en/download/help/cache_virus.jsp

Here are the instructions on how to manually remove these malicious applets from the JRE cache directory:

1. From the Start button, click Settings > Control Panel
2. In the Control Panel, open the "Java Plug-in Control Panel"
3. Select the Cache Tab
4. Click the Clear button inside the Cache Tab, which will clear your JRE cache directory

CA Global Security Advisor