Threat Research

High-profile, legitimate site contains malware

Jan Širmer, 4 September 2012

High-profile, legitimate site contains malware

Not only users visiting high-risk sites need avast! protection, but also, for example, visitors of the well-known site (the Samsung SMART CAMERA blog) were able to notice that their avast! protected them from a threat.

Yesterday, on this site AVAST began to detect malicious Java content.

The malicious file was called Gondvv.class, which is a well-known bad file detected by AVAST as Java:CVE-2012-0507 ( and Java:CVE-2012-4681 ( - a recently discovered zero-day exploit affecting newest version of JRE (1.7). You can find the description of exploit on Oracle's site

Inside html code we found the injected applet:

JavaX.jar contains two files, Gondzz.class and Gondvv.class, which are used for exploiting users' computers.

avast! keeps users safe even against new malware.