Monday, December 06, 2010

Webroot finds Java bytecode virus "Mal/JavaHeL-C" aka "Trojan.ByteVerify"

Today, a sweep of my Vista laptop by Webroot Spysweeper found, in a file toward the end of the sweep (not in the Registry) a new virus “Mal/JavaHeL-C”, for which Sophos Security has a recent entry (webroot url) here.

The virus has two alias names, including “Trojan.ByteVerify”, which Symantec (Norton) has an entry here.

It appears that the virus can change the Internet Explorer home page, or add entries to favorites. It apparently exploits an IE byte code vulnerability. I have not seen any symptoms on my computer. It seems to have no affect on other browsers, including Mozilla.

A techguy forum gives a detailed log of detection, here.

No comments: