Cross Platform Java Worm

Could this be the "Holy Grail" worm?

     
7:23 pm on Nov 25, 2004 (gmt 0)

Senior Member


joined:Mar 4, 2004
posts:684
votes: 2


Just came across this article [newscientist.com] at New Scientist, detailing a new Java vulnerability that would enable a clever programmer to create a cross browser, cross platform worm.

The Java Plugin flaw is known to affect both Microsoft's Windows platform and the Linux operating system. It has also been tested on Internet Explorer and rival browsers Firefox and Opera.

If anyone in here has some more info on this, it might be a good idea to share. This strikes me as having a high bugaboo factor. I wouldn't mind finding out how serious the threat is. I'm gonna head off to the security sites and see what's roiling around in there.

9:13 pm on Nov 25, 2004 (gmt 0)

Senior Member


joined:Mar 14, 2004
posts:1181
votes: 0


Information regarding the vulnerability and its mitigation is at: [sunsolve.sun.com...]

As you can see, JavaScript as well as Java are utilized in this exploit.

10:22 pm on Nov 25, 2004 (gmt 0)

Senior Member


joined:Mar 4, 2004
posts:684
votes: 2


Couldn't get that link to work, but did get some info from other sources.

vnunet article [vnunet.com] - notably, they refer to the vulnerability as "...a potentially devastating flaw..."

F-Secure's Weblog Entry [f-secure.com]

Basically, it comes down to getting the most recent version of Java RTE. Anything older than the current version is vulnerable.

Which means that, seeing as the majority of people almost never update Java, we're prolly gonna be seeing this on drive-by scumware sites in the near future. (Given the speed with which vulns have been exploited lately, I think we're talking days, not weeks).

I'm just waiting for an "in the wild" infection hitting Linux distros or Firefox. Methinks MS will make some serious hay out of that, if/when it happens.