Java/Jacksbot [Threat Name]

Java/Jacksbot.A [Threat Variant Name]

Category trojan
Size 53038 B
Detection created Oct 13, 2012
Detection database version 7581
Detection Windows Mobile db version 3.488
Detection Symbian db version 3.501
Aliases Java:Jacksbot-A (Avast)
Short description

The trojan serves as a backdoor. It can be controlled remotely.

Installation

The trojan does not create any copies of itself.


The trojan may set the following Registry entries:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • "Microsoft Windows Operating System" = "%javarootfolder%\bin\javaw.exe - jar "%malwarefilepath%""

The following files are modified:

  • /etc/rc.local  (Linux)
  • /etc/rc.common (OS X)

The written data contains the following string:

  • #!bin/bash/ java -jar "%filepath%"

This causes the trojan to be executed on every system start.
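
A defender-side check for the persistence described above, as an added example that is not part of the original description or any vendor tool. It flags startup-script lines and Run values that launch a JAR; the function names and sample input are constructed for illustration.

```python
import re

# Startup scripts the description lists as modified (Linux, OS X).
RC_FILES = ("/etc/rc.local", "/etc/rc.common")
# Value name as printed in the description's Run entry.
RUN_NAME = "Microsoft Windows Operating System"

JAR_ARG = r'-\s*jar\s+(?:"([^"]+)"|(\S+))'  # tolerates the "- jar" spacing
RC_JAVA = re.compile(r'\bjava\s+' + JAR_ARG, re.I)
RUN_JAVAW = re.compile(r'javaw\.exe"?\s+' + JAR_ARG, re.I)

# Constructed sample input, not taken from an infected host.
SAMPLE_RC = '''#!/bin/sh
# java -jar /opt/old/disabled.jar
/usr/sbin/ntpdate pool.example.org
#!bin/bash/ java -jar "/home/user/.cache/update.jar"
exit 0
'''

def scan_rc_text(text):
    """Return (line_number, jar_path) for each line that launches a JAR."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        # Skip ordinary comments, but keep '#!' lines: the written string starts with one.
        if s.startswith("#") and not s.startswith("#!"):
            continue
        m = RC_JAVA.search(s)
        if m:
            hits.append((n, m.group(1) or m.group(2)))
    return hits

def check_run_value(name, data):
    """Describe a Run value that starts javaw.exe on a JAR, else return None."""
    m = RUN_JAVAW.search(data)
    if not m:
        return None
    return {"jar": m.group(1) or m.group(2), "name_matches_page": name == RUN_NAME}

def scan_host():
    """Scan the startup scripts that exist and are readable on this machine."""
    found = {}
    for path in RC_FILES:
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                found[path] = scan_rc_text(fh.read())
        except OSError:
            continue
    return found
```

A hit is a lead for review, since legitimate services are also started with `java -jar`; compare the reported JAR path against software known to be installed.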

Information stealing

Java/Jacksbot.A is a trojan that steals sensitive information.


The following information is collected:

  • computer name
  • user name
  • information about the operating system and system settings
  • computer IP address
  • current screen resolution
  • data from the clipboard
  • network adapter information
  • login user names for certain applications/services
  • login passwords for certain applications/services
  • memory status
  • the list of installed software
  • network parameters

The trojan collects information related to the following applications:

  • Minecraft
  • FileZilla
  • uTorrent

The trojan can send the information to a remote machine.

Payload information

The trojan serves as a backdoor. It can be controlled remotely.


The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a URL address. The TCP protocol is used.


It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files
  • execute shell commands
  • update itself to a newer version
  • uninstall itself
  • send files to a remote computer
  • various filesystem operations
  • delete files
  • create folders
  • move files
  • delete folders
  • send the list of files on specific drive to a remote computer
  • capture screenshots
  • open a specific URL address
  • perform DoS/DDoS attacks
  • send the list of running processes to a remote computer
  • terminate running processes
  • log keystrokes
  • delete Registry entries
  • create Registry entries
  • play sound/video
  • capture webcam video/voice
  • redirect network traffic
  • shut down/restart the computer
  • log off the current user
  • send data to the printer
