Java Backdoor

Printable View

November 29th, 2001, 01:25 AM
KloWn

Java Backdoor

I have been trying to learn bout the security of computers and all. Mostly not to attack someone but to protect myself. I came across an article at astalavista.com and it was talking about how you can create a Java trojan. Basicly it was saying you can open a backdoor through Java and a webpage, and that if anyone goes to your page will have that backdoor open. I was wandering if this was really possible and if so how could i protect myself? I am sorry if this question has already been asked and answered but I am really curious.

:jester:KloWn:jester:
November 29th, 2001, 11:04 PM
Simon Templer

Hello KloWn,

I personally have not heard of that particular java backdoor you are referring too... Could you please post the link where you find it?

However, I have seen some malicious java code that sent certain information to a server...But at the moment I don't remember if they were applets or applications. If you are worried about mischievous java applets...then I suggest you disable java in your browser.

Although, there have been several exploits that allowed crafty webmasters/designers to either steal files or infect your computer.

For Example: I remember an exploit called Cuartango's window... which used some clever JavaScript and forms to upload files from a visitors computer. For example...a web designer could use Cuartangos window to steal your Windows Password File. This exploit is old, and patches have been released.

Another Example: There were several virii that exploited two Active X controls, which took the form of .HTA files, and I believe it was possible to become infected by visiting certain web sites.

My point being… is that if you are worried about getting infected with a backdoor then don’t “stray from the worn path” and stick to sites that you KNOW are safe. Otherwise your gonna have to “roll the dice and take your chances.” ;)

I wouldn’t worry about it too much, do a periodic check on your OS startup locations and make sure nothing peculiar is executing…stay current on virus news and virus scanner definitions, and you should be ok. :)

Is it possible? In the computer world ANYTHING is possible… :)

I hope you found this helpful and if you have further questions on the topic feel free to post them!! :)
November 29th, 2001, 11:17 PM
KloWn

Thanks

Thanks a lot that helped me out some. I didnt know that there was exploits that could be accessed with Java scripts and all. I guess its now time for me to check into it all. Well either way thanks

:jester:KloWn:jester:
November 30th, 2001, 01:33 AM
Terr

Heh. I just use Opera, since I trust the smaller company over the humungous-bloatware IE. I mean, they keep trying to add so many 'integration' features and 'stability-comes-second-to-eyecandy' stuff...

You can download opera without Java support, which is what I did. So far I can't say I'm really missing anything, Java isn't a large or important part of my browsing experience.
November 30th, 2001, 01:40 AM
Simon Templer

Oh yeah something else

Thanks... I'm glad you found that helpful

Here's something silmilar I forgot to mention:

There has been a recently discovered exploit for Internet Explorer 5.5 and 6 that allows EXE's to appear to be text files and if you choose to Open it from its current location it will execute without a security warning. :) (It was discovered by a subscriber to the Vuln-Dev mailing list available at SecurityFocus.com)

Just something else I forgot to mention :)

Good Luck in your studies!! :)
November 30th, 2001, 01:43 AM
KloWn

Opera

Hey where can I get opera like whats thier website? and thanks for all of your help yall...

:jester:KloWn:jester:
November 30th, 2001, 01:49 AM
Simon Templer

Opera

Opera can be found here: http://www.opera.com/ .... Although Opera is a better browser...don't let it give you a false sense of security. All browsers have there bugs, Just some more than others ;)

Stay current on Security News :) "An Ounce of Prevention Is Worth A Pound Of Cure"