JRE 1.4.2_003 and Trojan.ByteVerify

Discussion in 'Java' started by Lukas Bradley, Jan 24, 2004.

  1. I recently installed the newest JDK and JRE 1.4.2_003 for development
    purposes and client applet support. When surfing around the web for a
    NON-pornographic video, I happened upon a particular site that
    apparently started an Applet.

    Immediately, Norton 2003 Anti-Virus caught a ZIP within C:\Documents and
    Settings\lbradley\Application
    Data\Sun\Java\Deployment\cache\javapi\v1.0\jar named
    plugin.jar-3aafe450-3b041b4c.zip (this may have been renamed by the
    browser, IE). The virus was identified as Trojan.ByteVerify. More
    information is located here:

    http://securityresponse.symantec.com/avcenter/venc/data/trojan.byteverify.html

    My question is WHY hasn't the JRE for my browser been fixed to not allow
    the runtime security PermissionSet to be circumvented? Even though the
    above is defined as a Microsoft security alert, I am no longer using the
    Microsoft VM.

    Lukas
     
    Lukas Bradley, Jan 24, 2004
    #1

  2. "Lukas Bradley" ...
    |
    | I recently installed the newest JDK and JRE 1.4.2_003 for development
    | purposes and client applet support. When surfing around the web for a
    | NON-pornographic video, I happened upon a particular site

    What URL?

    | apparently started an Applet.
    ....
    |
    | http://securityresponse.symantec.com/avcenter/venc/data/trojan.byteverify.html
    |
    | My question is WHY hasn't the JRE for my browser been fixed to not allow
    | the runtime security PermissionSet to be circumvented?

    If you are using the MS VM, it was never fixed.*
    If you are using the Sun VM, it was never broken.

    * The fix is to use the Java Plug-In

    |...Even though the
    | above is defined as a Microsoft security alert, I am no longer using the
    | Microsoft VM.

    Check the settings and ensure you
    are actually _using_ the Sun VM.

    Some of the people who install the
    latest MS are lucky enough to get
    their OS Component - IE, without
    the broken VM at all.

    The best fix is probably to get yourself
    Mozilla/Opera ..or Linux. ;-)

    --
    Andrew Thompson
    * http://www.PhySci.org/ PhySci software suite
    * http://www.1point1C.org/ 1.1C - Superluminal!
    * http://www.AThompson.info/andrew/ personal site
     
    Andrew Thompson, Jan 24, 2004
    #2

  3. Lukas Bradley

    Jezuch Guest

    Lukas Bradley wrote:
    > My question is WHY hasn't the JRE for my browser been fixed to not allow
    > the runtime security PermissionSet to be circumvented? Even though the
    > above is defined as a Microsoft security alert, I am no longer using the
    > Microsoft VM.


    I think there's no need to panic. When the VM downloads the code, it writes
    it to disk *before* executing; NAV then picks it up and alerts that there's
    a virus inside. That's pretty normal, I'd say :)
    --
    Ecce Jezuch
    "Cry, if you want to cry if it helps you see if it clears your eyes
    Hate, if you want to hate if it keeps you safe if it makes you brave
    Pray, if you want to pray if you like to kneel if you like to lay"
    - C. Cornell
     
    Jezuch, Jan 24, 2004
    #3
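
Added example, not part of any post in this thread: the replies note that the Plug-in writes downloaded applet archives to its disk cache, which is where the scanner found the file. This Python sketch inventories such a cache (for instance the `...\Deployment\cache\javapi\v1.0\jar` directory quoted in the first post), listing each entry's SHA-256 and class-file version so a flagged archive can be compared against the AV report. Function names and the sample archive are constructed for illustration.

```python
import hashlib, io, struct, zipfile
from pathlib import Path

CLASS_MAGIC = 0xCAFEBABE          # first four bytes of every Java class file
MAX_ENTRY = 16 * 1024 * 1024      # assumption: skip entries larger than 16 MiB

def inventory_archive(data):
    """Return one record per file entry of a cached applet archive (jar/zip bytes)."""
    records = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            rec = {"name": info.filename, "size": info.file_size, "sha256": None,
                   "is_class": False, "class_version": None}
            if info.file_size <= MAX_ENTRY:       # do not inflate oversized entries
                body = zf.read(info)
                rec["sha256"] = hashlib.sha256(body).hexdigest()
                if len(body) >= 8:
                    magic, minor, major = struct.unpack(">IHH", body[:8])
                    if magic == CLASS_MAGIC:
                        rec["is_class"] = True
                        rec["class_version"] = (major, minor)
            # Flag entries whose .class extension and content disagree.
            rec["mismatch"] = info.filename.endswith(".class") != rec["is_class"]
            records.append(rec)
    return records

def inventory_cache(cache_dir):
    """Walk a cache directory and inventory every file that is a valid zip."""
    out = {}
    for path in sorted(Path(cache_dir).rglob("*")):
        if path.is_file():
            data = path.read_bytes()
            if zipfile.is_zipfile(io.BytesIO(data)):
                out[path.name] = inventory_archive(data)
    return out

def build_sample():
    """Constructed sample archive: one valid class header, one mislabelled entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # major version 48 is the class-file version emitted for J2SE 1.4
        zf.writestr("Demo.class", struct.pack(">IHH", CLASS_MAGIC, 0, 48) + b"\x00" * 16)
        zf.writestr("Fake.class", b"not a class file")
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    return buf.getvalue()

if __name__ == "__main__":
    for r in inventory_archive(build_sample()):
        print(r["name"], r["class_version"], r["mismatch"], (r["sha256"] or "")[:16])
```
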