Java Web Applications Spread Bots and Keyloggers?

08.12.2008
In its report, Cybercrime Trends for 2008, Symantec claims, "Java-based Web applications—small programs, such as video players or interactive maps, that launch themselves from a Web page—are proliferating, which will provide a growing opportunity for cyberthieves to spread bots, keyloggers, and other malicious software."

Java-based web applications, like most web applications, end up rendering HTML, so they are no more likely to spread malware than plain ol' HTML. From the description, I think Symantec is really talking about applets.

Has there been an outbreak of Java applets spreading bots, keyloggers, or other malicious software? I always thought the Java applet sandbox was pretty safe. In fact, most complaints I've heard are about the sandbox being too restrictive.

Published at DZone with permission of its author, Jack Frosch.

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)

Comments

Mr B Loid replied on Tue, 2008/08/12 - 1:20pm

I wish there was a way of specifying which resources it was you needed to use, so that the end user can make a more informed decision as to whether to trust your JWS application or not. It seems to be an all-or-nothing scheme at the moment, whereas I would prefer it asked you whether you wanted to allow the application to do something, with maybe a message from the developer explaining why they need this... At worst, some mechanism for explaining to the user why they need to click "Trust" rather than just the current dialog.

Also, a lot of JWS applications I see ask for full access, when they shouldn't need any at all, e.g.:

http://www.jroller.com/santhosh/entry/jcombobox_items_with_separators

This (in my opinion) just gets people used to clicking "Trust" rather than thinking whether or not this is a good choice...

Jose Maria Arranz replied on Tue, 2008/08/12 - 2:55pm

Umm

If you search Google with the keywords: java applet virus

you can hardly find a virus report beyond 1998. Furthermore, Java viruses are kind gentlemen because they say something like "Do you let me take full control of your computer?" (and yes, some people say "yes")

This is a joke; no platform is free of security holes, but qualifying Java applets as a preferred way to spread viruses makes me laugh.

 

Frank Beullens replied on Wed, 2008/08/13 - 10:09am

Well... they have to sell their products, don't they?

@Bloid

  1. that's a developer resource you're pointing to, let's hope that they at least know what they are doing
  2. most users will just click on the 'ok', 'yes', 'kill me'... or whatever button seems the most convenient. Showing them more information will just annoy them!
