Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Java: CLASS file processing and antivirus software
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 02-01-2005, 22:12
MarkusO
 
Posts: n/a
Java: CLASS file processing and antivirus software
It seems like there is a new Java exploit available, which is now used by some crack sites to change your default browser homepage and your internet security settings. When I noticed this behaviour with my browser, I did a virus scan and my antivirus found some infected java *.class files inside some *.zip files.

Now I'm wondering how Java loads his class files, since my antivirus is set to scan *.class files on access and also scan inside archives. I verified this with by opening the *.zip in winzip, which gave me a virus error. Then I disabled the archive scan and was able to open the *.zip, but I could not extract any of the *.class files because of virus found. So my antivirus works. But Java can load and execute the *.zip and *.class files without my antivirus showing virus found.

So how does Java load his programs?
Reply With Quote
  #2  
Old 02-02-2005, 14:19
nuemga2000 nuemga2000 is offline
Friend
  
Join Date: Jan 2002
Posts: 59
Rept. Given: 1
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 0
Thanks Rcvd at 5 Times in 5 Posts
nuemga2000 Reputation: 2
Classes are loader through the class loader(s), that are part of the
Java runtime environment.There are different class loaders available,
and of course you can write your own. Normally, the class loader goes
through your classpath and examines the .jar files. If a matching .class
is found, then it's loaded ...

Kerstin
Reply With Quote
  #3  
Old 02-02-2005, 15:47
AgentSmith
 
Posts: n/a
Hello,

Markus, that is strange. What browser do you use ?

I think that is a browser flow, especialy if you use that crap of MS IE.

As described here:

h t t p://www javaworld.com/javaworld/jw-09-1997/jw-09-hood.html

untrusted class will not be loaded.

regards,
asmith
Reply With Quote
  #4  
Old 02-02-2005, 16:02
new_profile new_profile is offline
VIP
  
Join Date: Aug 2002
Posts: 153
Rept. Given: 27
Rept. Rcvd 7 Times in 7 Posts
Thanks Given: 56
Thanks Rcvd at 52 Times in 23 Posts
new_profile Reputation: 7
Could you, please, post the infected .class or the link to it. Normally, the browser (in fact the security manager) do not allow any access to the local files and resources of an applet as java classes are loaded and executed in a separated context. At least, that what is claimed in the java world. This could be a bug of the JRE browser plugin though.

Thank you for the info.
Reply With Quote
  #5  
Old 02-05-2005, 18:46
Mkz Mkz is offline
Friend
  
Join Date: Jan 2002
Posts: 98
Rept. Given: 0
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 5
Thanks Rcvd at 25 Times in 17 Posts
Mkz Reputation: 2
Independently of any security flaws that the security manager might have, this still doesn't explain why a process (IE) accesses a .jar or .zip, and the AV doesn't perform the scan of the archive and denies access.
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Is Baidu an Antivirus Software or a Spyware/Malware? TempoMat General Discussion 7 06-26-2014 01:23


All times are GMT +8. The time now is 16:51.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )