Date: Wed, 12 Aug 1998 09:54:22 -0700
Message-Id: <199808121654.JAA29042@games.eng.sun.com>
From: Li Gong <gong@games.eng.sun.com>
To: Mikko Hypponen <Mikko.Hypponen@DataFellows.com>
Subject: Re: StrangeBrew - Java virus
In-Reply-To: Mikko Hypponen's mail of Wed, 12 August, 1998
Mikko Hypponen writes:
> Hello there.
>
> I'm the manager of anti-virus research at Data Fellows.
>
> We recently (wednesday the 12th) received a sample of something that
> very hard tries to be (the first?) Java virus. In our initial test,
> it was able to copy its own code from one .class file to another
> (application to applet) and was able to gain control when the host
> was executed.
Hi,
I will be interested to have a look, though I do not have a PGP key.
It seems trivial that a Java application (running as trusted local
code) can trivially create any file on the file system, so if the
application carries the content of a .class file (of an applet) as
data with it, then this application can put .class file on the disk.
But this is something done by a piece of trusted code, so this is
nothing surprising. I would be surprised if you have a sample that
spreads itself without you explicitly running it as trusted code.
Did I misunderstand how your sample works?
Li
-- Li Gong, PhD Distinguished Engineer, Java Security and Networking Java Software Division, Sun Microsystems, Cupertino, California, USA Email: li.gong@sun.com and Web: http://java.sun.com/people/gong Tel: 408-343-1825 and Fax: 408-343-1993