NOD32---Found infected .jar file, but only gave me "LEAVE" button

Adam Piggott

Noel said:
I doubt that - what you may well be seeing is vulnerabilities involving
JavaScript - which is totally different!
Any examples??

Doubt away, it's still happening :)

I know the difference between Javascript and code written to exploit
Microsoft's Java VM.

I haven't any examples to hand but it's quite obvious in the HTML code what
it's trying to do. It explicitly states under a "MSJVM" clause to download
a few .jar files. I have seen this as recently as three months ago.

Noel Paton

Adam Piggott said:
Doubt away, it's still happening :)

I know the difference between Javascript and code written to exploit
Microsoft's Java VM.

I haven't any examples to hand but it's quite obvious in the HTML code what
it's trying to do. It explicitly states under a "MSJVM" clause to download
a few .jar files. I have seen this as recently as three months ago.


,,,and how old was the code you were watching? - probably best part of 5
years old!

'plenty' = 1 every three months??

Time for a reality check here, methinks!


--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com

http://tinyurl.com/6oztj

Please read on how to post messages to NG's
 

David H. Lipman

From: "Virus Guy"

| http://news.com.com/2100-1001-977051.html
| http://www.microsoft.com/technet/security/bulletin/MS02-052.mspx
| http://seclists.org/lists/microsoft/2002/Oct-Dec/0013.html
|
| This one is interesting:
|
| http://www.elsenot.com/
|
| Does anyone know the names of exploits (if any) designed to take
| advantage of the MSJVM vulnerabilities?
|
| Could it be that a fully updated (if dated) MSJVM is actually more
| secure than what's been available from Sun for the past few years?

You mean like...
Exploit-ByteVerify -- http://www.microsoft.com/technet/security/bulletin/MS03-011.mspx

There are those that believe they will also exploit vulnerable versions of Sun Java.
 

James Egan

Boy, you try to educate someone that doesn't know how something works
Java, .Net or otherwise and this is the response?

It's not surprising when you post such crap. First of all you explain that

"Newer version of Java or .Net are backwards compatible with older
versions. So things run smoothly or transparently."

Intimating that you only need the most up to date version. And then
you say

"The bottom line is there are going to be multiple versions of the
runtime components on the client side."

Intimating the opposite.

No surprise that the guy's confused.


Jim.
 

kurt wismer

Duane said:
.Net is backwards compatible with its older versions. So anything that was
done in .Net 1.1 should work in 2.0. The ECMA and ISO who control the .NET
Framework (MS doesn't own it) to run across platforms and to be used by
multiple languages other than what MS has on the table is not going to allow
that.

A .Net application can specially indicate what version of the .Net
Framework it's going to use and will look for that version on the machine.
There are 3 versions of the .NET Framework that I know about: version 1.0,
1.1 and 2.0.

say what you like about .NET backwards compatibility, but their changing
of the internal structure of the datetime object in 2.0 has caused
compatibility problems... i doubt that's the only example...
 

Thomas G. Marshall

kurt wismer said something like:
say what you like about .NET backwards compatibility, but their changing
of the internal structure of the datetime object in 2.0 has caused
compatibility problems... i doubt that's the only example...

It's a common theme.

If you change everything, then compatibility breaks.

If you keep things compatible with legacy notions, then you end up with a
crippled design much of the time.

Java has run into this recently with Generics, if you're software
knowledgeable. Instead of altering the universe like they should have, they
put in a half-assed solution that has in the long run caused no end of
bickering.
 

Duane Arnold

Thomas said:
kurt wismer said something like:
Duane said:
[snip]

With .NET, the difference between v1.1 and v2 is significant - it's more
than just an update, and could almost be considered a different platform,
hence the need to keep both on the system if you're running software that
needs each.


.Net is backwards compatible with its older versions. So anything that was
done in .Net 1.1 should work in 2.0. The ECMA and ISO who control the .NET
Framework (MS doesn't own it) to run across platforms and to be used by
multiple languages other than what MS has on the table is not going to allow
that.

A .Net application can specially indicate what version of the .Net
Framework it's going to use and will look for that version on the machine.
There are 3 versions of the .NET Framework that I know about: version 1.0,
1.1 and 2.0.

say what you like about .NET backwards compatibility, but their changing
of the internal structure of the datetime object in 2.0 has caused
compatibility problems... i doubt that's the only example...


It's a common theme.

If you change everything, then compatibility breaks.

If you keep things compatible with legacy notions, then you end up with a
crippled design much of the time.

Java has run into this recently with Generics, if you're software
knowledgeable. Instead of altering the universe like they should have, they
put in a half-assed solution that has in the long run caused no end of
bickering.

Java is not even a standard so Sun can do with it what they want to do
and no one can stop them.

Duane :)
 

Thomas G. Marshall

Duane Arnold said something like:
Thomas G. Marshall wrote:
....[rip]...
It's a common theme.

If you change everything, then compatibility breaks.

If you keep things compatible with legacy notions, then you end up with a
crippled design much of the time.

Java has run into this recently with Generics, if you're software
knowledgeable. Instead of altering the universe like they should have, they
put in a half-assed solution that has in the long run caused no end of
bickering.

Java is not even a standard so Sun can do with it what they want to do
and no one can stop them.

Actually, Java has a /very/ tight standard; among the tightest I've ever
seen, including C99 et al. And there is a facility for altering it. What
you probably mean is that there is no independent standards body, which is
only half true. The thing that Sun did was disallow the reckless "design by
committee" and remained the benevolent dictator, which honestly is something
I support. But regardless of who authors such changes the theme remains
precisely the same: "sweeping change often cripples compatibility" vs.
"compatible changes often produce crippled product". (quotes just for
grouping purposes).
 

Adam Piggott

Noel said:
"Thomas G. Marshall"

Whose name was Robert Paulson?
:)

"Bob. Bob had bitch tits."

Thomas G. Marshall

Adam Piggott said something like:
"Bob. Bob had bitch tits."


So funny that this was just on last night. I love that movie. One of Pitt's
best roles---next to 12 Monkeys :)

Note: I cannot get a web consensus of this quote:

Tyler Durden: "WHOA! WHOA! WHOA! Ok, you are now firing a gun at your
'imaginary friend' near 400 GALLONS OF NITROGLYCERINE!"
 

Adam Piggott

Adam Piggott said something like:


So funny that this was just on last night. I love that movie. One of Pitt's
best roles---next to 12 Monkeys :)

Note: I cannot get a web consensus of this quote:

Tyler Durden: "WHOA! WHOA! WHOA! Ok, you are now firing a gun at your
'imaginary friend' near 400 GALLONS OF NITROGLYCERINE!"

One of my friends asked me where Tyler Durden was at the end of the movie :)

Quite possibly one of the most disturbing films I've seen, but it's got
some strange watchability to it.

Ant

kurt wismer said:
i seem to recall someone telling me it was possible to call arbitrary
versions of java through *javascript*

Certainly javascript can instantiate and use java objects, but I can't
see from looking at the documentation how it can cause a particular VM
to be loaded.
(which is obviously not bound by java's security rules)...

Presumably there are limitations on what scripts are permitted to do
in the Internet zone, but I'm not clear about what they might be.
 

Thomas G. Marshall

Adam Piggott said something like:
Thomas G. Marshall wrote:
....[ker-shnipity]...
So funny that this was just on last night. I love that movie. One of Pitt's
best roles---next to 12 Monkeys :)

Note: I cannot get a web consensus of this quote:

Tyler Durden: "WHOA! WHOA! WHOA! Ok, you are now firing a gun at your
'imaginary friend' near 400 GALLONS OF NITROGLYCERINE!"

One of my friends asked me where Tyler Durden was at the end of the movie :)

Was your friend a woman? They often don't get such things I've discovered.
;)

Quite possibly one of the most disturbing films I've seen, but it's got
some strange watchability to it.

There are some movies that when watching you know *instantly* that it's
going to be a cult classic. That was one of them, and is filled with great
lines. I don't want to comment on the Tyler Durden thing you mention in
case dreg of humanity here hasn't yet seen the movie.
 

Thomas G. Marshall

Thomas G. Marshall said something like:
Adam Piggott said something like:
Thomas G. Marshall wrote:
...[ker-shnipity]...
So funny that this was just on last night. I love that movie. One of Pitt's
best roles---next to 12 Monkeys :)

Note: I cannot get a web consensus of this quote:

Tyler Durden: "WHOA! WHOA! WHOA! Ok, you are now firing a gun at your
'imaginary friend' near 400 GALLONS OF NITROGLYCERINE!"

One of my friends asked me where Tyler Durden was at the end of the movie :)

Was your friend a woman? They often don't get such things I've discovered.
;)

Quite possibly one of the most disturbing films I've seen, but it's got
some strange watchability to it.

There are some movies that when watching you know *instantly* that it's
going to be a cult classic. That was one of them, and is filled with great
lines. I don't want to comment on the Tyler Durden thing you mention in
case dreg of humanity here hasn't yet seen the movie.

....in case *some* dreg... (not pointing at anyone in particular)...
 
