How can you tell what this applet is doing?

Discussion in 'Spyware' started by wylbur37, Apr 30, 2005.

  1. wylbur37

    wylbur37 Guest

    The web page at http://misogyny-central.com/fp1.html
    runs a Java applet. The pertinent code is shown here ...

    <applet code="Time.class"
    codebase="http://misogyny-central.com/ipw-web/date/"
    width="308"
    height="20">
    <param name="textcolor" value="000000">
    <param name="backcolor" value="FFFFFF">
    <param name="font" value="Helvetica">
    <param name="fontsize" value="13">
    <param name="bordercolor" value="000000">
    </applet>

    Is there any way of knowing what the applet "Time.class" will do?
    Just because it's named "Time.class" doesn't mean it has anything
    to do with time. (A Java program can be named *anything* to hide
    its true intent, and could conceivably be planting all sorts of
    nasty stuff including spyware).

    Is there a safe way to find out?
     
    wylbur37, Apr 30, 2005
    #1

  2. wylbur37

    AvianFlux Guest

    There has to be - but I don't know how or what utility will do that for
    you.

    There's a way to take out any risks associated with applets that's
    built into the Java Control Panel settings, however.

    Launch the Control Panel, disable Java applet caching. As an added
    precaution, set Temporary Internet Files storage to 0 MBs. That way
    nothing, Java applications or applets, will be saved on disk.
     
    AvianFlux, Apr 30, 2005
    #2

  3. wylbur37

    Joe Guest


    You can download it, decompile it and examine the source.
     
    Joe, Apr 30, 2005
    #3
  4. javap (part of the SDK) produces 'disassembled java' and could be
    useful in this context.

    Important to check is your java policy file, located in
    java.home\lib\security\java.policy or user.home\.java.policy - this
    file allows you to grant permissions to certain sites / applets. (or
    use policytool)
     
    sanjay manohar, Apr 30, 2005
    #4
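
A way to see which classes a downloaded .class file refers to without loading it into a JVM, as an added example that is not part of the thread: it reads the class file's constant pool, which is part of what javap displays. The watch list and the sample bytes are constructed for illustration.

```python
import struct

# Bytes that follow the tag for each fixed-size constant-pool entry type.
CP_SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
            12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}
# Illustrative watch list (an assumption for this example, not exhaustive).
SENSITIVE = ("java/lang/Runtime", "java/lang/ProcessBuilder", "java/io/File",
             "java/net/", "java/lang/ClassLoader", "java/lang/reflect/")

def referenced_classes(data):
    """List class names referenced by a .class file's constant pool."""
    magic, _minor, _major, count = struct.unpack_from(">IHHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a Java class file")
    pos, idx, utf8, class_refs = 10, 1, {}, []
    while idx < count:                      # pool indices run 1..count-1
        tag = data[pos]
        pos += 1
        if tag == 1:                        # Utf8: u2 length, then bytes
            (length,) = struct.unpack_from(">H", data, pos)
            utf8[idx] = data[pos + 2:pos + 2 + length].decode("utf-8", "replace")
            pos += 2 + length
        elif tag in CP_SIZES:
            if tag == 7:                    # Class: u2 index of its Utf8 name
                class_refs.append(struct.unpack_from(">H", data, pos)[0])
            pos += CP_SIZES[tag]
            if tag in (5, 6):               # Long/Double take two pool slots
                idx += 1
        else:
            raise ValueError(f"unknown constant-pool tag {tag} at entry {idx}")
        idx += 1
    return sorted({utf8[i] for i in class_refs if i in utf8})

def flag_sensitive(names):
    """Return the referenced classes that match the watch list."""
    return [n for n in names if n.startswith(SENSITIVE)]

def _utf8(s):
    return b"\x01" + struct.pack(">H", len(s)) + s.encode()

def _cls(i):
    return b"\x07" + struct.pack(">H", i)

# Constructed sample: header plus constant pool only, not a real applet.
SAMPLE = (struct.pack(">IHHH", 0xCAFEBABE, 0, 46, 11)
          + _utf8("Demo") + _cls(1) + _utf8("java/applet/Applet") + _cls(3)
          + _utf8("java/util/Date") + _cls(5) + b"\x05" + bytes(8)
          + _utf8("java/lang/Runtime") + _cls(9))
```

For a real file, pass the bytes read from disk to `referenced_classes`. An empty result from `flag_sensitive` is not proof of harmlessness, since a class name handed to reflection appears in the pool only as a string, not as a class reference.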
  5. wylbur37

    wylbur37 Guest

    But the source code produced wouldn't be Java, would it?
    It would probably be some assembler-looking type of code, right?
    (which would be rather difficult to read and trace).

    Do you know of any decompiler that would, in effect,
    convert a .class file back to a .java file?
     
    wylbur37, May 1, 2005
    #5
  6. wylbur37

    wylbur37 Guest

    If you visit a webpage that runs a malicious Java applet,
    it'll do its dirty deed whether there's a cache or not, wouldn't it?
    So how would the absence of a cache help you?
     
    wylbur37, May 1, 2005
    #6
  7. wylbur37

    AvianFlux Guest

    Because Java applets & applications will not be saved to a file unless
    the Control Panel preferences are configured allowing them to be - or
    at least that's the way I understand it.

    By disabling caching and setting application storage to 0 MBs, Java
    applets and applications residing in RAM are overwritten with new
    data, or flushed when the computer is shut down.

    I went to the site with the malicious Java applet, as far as I can tell
    nothing bad has made it on to my computer. I'll investigate a little
    deeper and make sure.
     
    AvianFlux, May 1, 2005
    #7
  8. wylbur37

    AvianFlux Guest

    This is what Jotti's Malware Scan returns for 'Time.class':

    http://virusscan.jotti.org/

    File: Time.class
    Status: OK
    MD5 23e95f3c2fb63e84d4a0c14269667d2a
    Packers detected: -
    Scanner results
    AntiVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found nothing
    mks_vir Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    VBA32 Found nothing
     
    AvianFlux, May 1, 2005
    #8
  9. http://kpdus.tripod.com/jad.html#general
     
    Christian Biesinger, May 1, 2005
    #9
  10. wylbur37

    ge0rge Guest

    You raise a dubious question and you are getting a lot of ill-informed
    answers. Ask yourself that question - if Java technologies were that
    breakable, how come knowledgeable people are still using them? In fact,
    Java applets were so secure and restrictive that they were getting useless
    as a tool. The sandbox rules have been relaxed to allow them to do some
    useful real work and it only becomes a security concern if you are
    stupid about it... similar to giving your credit card to a stranger and
    shouting foul when he misuses it.

    Not that Java, like any other software, cannot be exploited but to read
    what's being said here, you'd think it's got more holes than a Swiss cheese.
     
    ge0rge, May 2, 2005
    #10