As researchers find more security flaws in Oracle Java, the software continues to be used for exploitation and malware delivery. This year has been a shaky start for the cross-platform web technology, where it seems the number of documented vulnerabilities is hard to count. If you recall, in January we saw a zero-day later found to be responsible for intrusions into companies like Microsoft, Apple, Facebook, and Twitter. Then in February, after seeing a Java patch with over 50 security fixes, reports surfaced that Bit9 was hacked using a separate Java zero-day. Even in March, an emergency patch was issued to address even more vulnerabilities.

Because we’re seeing Java used more in malware, it’s important for researchers to know how to analyze and understand Java code. Let’s take a look at one Java archive (“jar”) we’ve seen in the wild that not only contains multiple exploits but also has an encrypted malware payload. This sample was provided by Malwarebytes researcher Jerome Segura and is called “sexy.jar”. The landing page, “sexy.html”, loads the jar as an applet and points to Q.class, a Java class file within the jar. To get more details on this, check out Segura’s blog entry on this here. It’s important to understand that a jar is essentially just a zip archive, a file format you’ve probably seen since you started using computers.
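Because a jar is just a zip archive, its contents can be inventoried statically, without a JVM ever loading it. The following is an added example, not code from the original post or from Malwarebytes: it lists each entry, confirms class files by their 0xCAFEBABE header, and flags high-entropy entries that may be an encrypted or packed payload. The sample jar is constructed and harmless, and the 7.0 bits-per-byte threshold is an assumption.

```python
import hashlib, io, math, struct, zipfile
from collections import Counter

CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # first four bytes of every Java class file

def entropy(data):
    """Shannon entropy in bits per byte (8.0 means uniformly random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage_jar(blob, entropy_threshold=7.0):  # threshold is an assumed cut-off
    """Classify every entry of an in-memory jar without executing anything."""
    report = []
    with zipfile.ZipFile(io.BytesIO(blob)) as jar:
        for info in jar.infolist():
            if info.is_dir():
                continue
            data = jar.read(info)
            ent = entropy(data)
            if data[:4] == CLASS_MAGIC and len(data) >= 8:
                # Header layout: magic, minor_version, major_version (big-endian)
                _minor, major = struct.unpack(">HH", data[4:8])
                kind = f"class (major version {major})"
            elif info.filename.endswith(".class"):
                kind = "SUSPICIOUS: .class name but no valid class header"
            elif ent >= entropy_threshold:
                kind = "SUSPICIOUS: high-entropy blob (possibly encrypted or packed)"
            else:
                kind = "resource"
            report.append((info.filename, len(data), round(ent, 2), kind))
    return report

def build_sample_jar():
    """Constructed stand-in jar; every entry is invented and harmless."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n")
        z.writestr("Q.class", CLASS_MAGIC + struct.pack(">HH", 0, 50) + b"\x00" * 32)
        # Pseudo-random bytes standing in for an encrypted payload
        noise = b"".join(hashlib.sha256(bytes([i, j])).digest()
                         for i in range(16) for j in range(16))
        z.writestr("data.bin", noise)
    return buf.getvalue()

if __name__ == "__main__":
    for row in triage_jar(build_sample_jar()):
        print(row)
```

Compressed resources such as images or nested archives also score high on entropy, so a flagged entry is a lead for closer inspection rather than proof of an encrypted payload.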