
MarkusO 02-01-2005 22:12

Java: CLASS file processing and antivirus software
 
It seems like there is a new Java exploit available, which is now used by some crack sites to change your default browser homepage and your internet security settings. When I noticed this behaviour with my browser, I did a virus scan and my antivirus found some infected java *.class files inside some *.zip files.

Now I'm wondering how Java loads its class files, since my antivirus is set to scan *.class files on access and also scan inside archives. I verified this by opening the *.zip in WinZip, which gave me a virus error. Then I disabled the archive scan and was able to open the *.zip, but I could not extract any of the *.class files because a virus was found. So my antivirus works. But Java can load and execute the *.zip and *.class files without my antivirus showing that a virus was found.

So how does Java load its programs?

nuemga2000 02-02-2005 14:19

Classes are loaded through the class loader(s), that are part of the
Java runtime environment. There are different class loaders available,
and of course you can write your own. Normally, the class loader goes
through your classpath and examines the .jar files. If a matching .class
is found, then it's loaded ...

Kerstin

AgentSmith 02-02-2005 15:47

Hello,

Markus, that is strange. What browser do you use?

I think that is a browser flaw, especially if you use that crap of MS IE.

As described here:

http://www.javaworld.com/javaworld/jw-09-1997/jw-09-hood.html

untrusted class will not be loaded.

regards,
asmith

new_profile 02-02-2005 16:02

Could you please post the infected .class or the link to it? Normally, the browser (in fact the security manager) does not allow any access to the local files and resources of an applet, as Java classes are loaded and executed in a separate context. At least, that is what is claimed in the Java world. This could be a bug of the JRE browser plugin though.

Thank you for the info.

Mkz 02-05-2005 18:46

Independently of any security flaws that the security manager might have, this still doesn't explain why a process (IE) accesses a .jar or .zip, and the AV doesn't perform the scan of the archive and deny access.
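
Added example, not part of any post in this thread: a minimal custom class loader of the kind nuemga2000 mentions, which reads a class's bytes from a ZIP entry and defines the class directly from memory, so no standalone *.class file is created on disk during loading. The names `ZipLoaderDemo`, `ZipClassLoader` and `Hello` are assumptions made for illustration; it assumes Java 9 or later and is compiled with `javac` before running.

```java
import java.io.*;
import java.nio.file.*;
import java.util.zip.*;

public class ZipLoaderDemo {
    // Hypothetical loader: finds "<name>.class" inside one archive and defines it.
    static class ZipClassLoader extends ClassLoader {
        private final Path archive;
        ZipClassLoader(Path archive) {
            super(null); // bootstrap parent only, so our class is resolved by findClass()
            this.archive = archive;
        }
        @Override
        protected Class<?> findClass(String name) throws ClassNotFoundException {
            String entryName = name.replace('.', '/') + ".class";
            try (ZipFile zip = new ZipFile(archive.toFile())) {
                ZipEntry entry = zip.getEntry(entryName);
                if (entry == null) throw new ClassNotFoundException(name);
                try (InputStream in = zip.getInputStream(entry)) {
                    byte[] bytes = in.readAllBytes(); // entry is inflated into memory only
                    return defineClass(name, bytes, 0, bytes.length);
                }
            } catch (IOException e) {
                throw new ClassNotFoundException(name, e);
            }
        }
    }

    // Constructed sample class whose compiled bytes are packed into the archive.
    public static class Hello {
        @Override public String toString() { return "loaded from archive"; }
    }

    public static void main(String[] args) throws Exception {
        String name = Hello.class.getName();
        String entryName = name.replace('.', '/') + ".class";
        Path archive = Files.createTempFile("demo", ".zip");
        // Build the constructed archive from this program's own compiled class.
        try (InputStream in = ZipLoaderDemo.class.getClassLoader().getResourceAsStream(entryName);
             ZipOutputStream out = new ZipOutputStream(Files.newOutputStream(archive))) {
            out.putNextEntry(new ZipEntry(entryName));
            in.transferTo(out);
            out.closeEntry();
        }
        Class<?> loaded = new ZipClassLoader(archive).loadClass(name);
        System.out.println(loaded.getDeclaredConstructor().newInstance());
        System.out.println("defined by a separate loader: " + (loaded != Hello.class));
        Files.delete(archive);
    }
}
```

The only file the loader touches is the archive itself, so the *.class content is visible to a scanner only if it inspects the archive when it is opened or read.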
