Malicious Mobile Code by Roger A. Grimes

Example Java Exploits

This section includes several examples of malicious Java code, including annoying applets, applets that break the sandbox, and Java viruses.

Annoying Applets

Java programmer Dr. Mark D. LaDue has a web site called the Hostile Applets Home Page (http://www.cigital.com/hostile-applets) dedicated to simple proof-of-concept malicious Java programs. The next two examples of hostile code are taken from Mark’s site.

Java.NoisyBear

Mark’s most famous creation, NoisyBear, appears as a picture of a bear with a clock superimposed over his belly. The clock emits an annoying drum noise that will not stop until you close your browser. A malicious applet of this type could be downloaded by a user who thinks they are simply getting a picture file. During early speculation surrounding malicious Java applets, some thought that simply moving to a new web page would make the applet lose control of the browser and stop. Mark’s NoisyBear, shown in Figure 10-4, disproved that belief.

Figure 10-4. The NoisyBear applet

Hostile Thread Java applet

This example applet showed how easy it is for a malicious Java applet to activate and then go into a long delay mode. Security experts fear the release of such hostile applets. By the time the applet goes off and crashes the browser, the user would probably end up blaming something else. The Hostile Thread applet eventually starts ...
