[G3]-TechNews : Home| RSS | Atom | MSN | WAP

Article: Step-by-Step Guide: How to set up a VPN
Article: Download: Microsoft Monad (Beta)
Article: Building a 64-Bit Multimedia Workstation
Article: Coming Soon to Windows: The Microsoft Shell (MSH)
Article: How to Reset Win NT / 2000 / XP Administrator Password
Article: The Technology Behind Dual Core CPUs
Article: How-To: Wireless Network Security
Article: Article: PCI Express - technology backgrounder
Article: Tutorial: Access Hidden Files on Your iPod
Article: Troubleshooting drivers with XP's hidden Driver Verifier Manager
Article: How to Make a 5 in 1 Network Cable
Article: Comparison - Blu-ray & HD DVD
Article: Beginners Guides Linux : Part 1 | Part 2 | Part 3
Article: How To Crack WEP (Wired Equivalent Privacy)
Article: Email Addresses Spoofing.
Link: Free PHP ebook
Link: FREE ASP.NET books and eLearning course
Link: Free registration code for Opera 8.
Invitations: Gazzag (Here) | Yahoo! 360 (Here)  | Orkut (Here)

Java Applet trojan that infects Internet Explorer even when run in Firefox.
Contributed by: G3nu1n3, at 3/14/2005 11:03:00 PM.

Well heres a proof that Java is portable programming environment :)

Christopher Boyd from Vitalsecurity.org has found a Java trojan that is capable of downloading and infecting Internet Explorer with Spyware/Adware, even is you are running another browser that supports Java such as Firefox.

What is happening here is that, the trojan is in signed Java archive, that is signed with valid certificate. Which causes the Java runtime to ask from user whether this applet should be executed or not. And if user answers yes, the Java applet is given all the access that any other binary running under the user account would have.
Java warning
This allows the trojan do the same kind of nasty tricks as any other Java downloader trojan does, but without using any kind of exploits.

Also what makes the case interesting is that this trojan is probably not intended to work with Firefox or any other alternative browser. The trojan works just because the trojan author did not use any Microsoft specific code. Thus making the trojan portable to other platforms.

And yes, the trojan will most likely also work under Linux, but it won't do really anything there as it tries to download and execute Win32 EXE trojan.

So if a website asks you whether you want to run Java applet, and you are not intending to run some Java application you trust, just answer no.

Source: Link

To Read MOST UPDATED News Items browse to HOME page.


Post a Comment

<< Home

[G3]-TechNews : Home| RSS | Atom | MSN | WAP

Archives :

- Monthly Archives :

- Post Count: 1,783 before June 1, 2005. (Since: October 26, 2004)