Symantec’s Anti Virus Research Center (SARC) has reported the first known virus to infect Java applets and applications. Because Java runs on virtual machines on practically any operating system from Windows 95 ot a Cray supercomputer, Strange Brew also claims the distinction of being the first cross- platform virus. Java was always intended to run distributed applications across networked devices, so its original developers paid careful attention to security. In particular, they built a ‘sandbox’ designed to confine Java applets, thus preventing them from executing potentially damaging behavior on the client machine. As a result of these and other measures, Java security flaws, though widely reported, have been relatively few and far between (CI No 3,444). Oddly enough, the new virus reflects this investment in security. While Strange Brew may damage Java executable files, it is considered unlikely to cause serious harm. It is not loose in the wild and no users are known to have been affected. It’s also fairly difficult to transmit. Symantec itself says it does not consider Strange Brew a threat to typical end-users or corporations. However it does say that anyone doing Java development on the web is at some risk of having their .class files infected or corrupted. Strange Brew is a parasitic virus which attaches itself to Java .class files. When such a file is launched, the virus attempts to infect other files. If it can’t, it hands control of the client back to the host application and terminates itself. Symantec reports that the insertion process is poorly designed by viral standards, with several serious bugs that could cause Strange Brew to infect files incorrectly or crash. Ironically, the most serious threat of the otherwise benign virus – researchers call it a proof-of-concept rather than an actively malicious attack – is that a botched attempt at infection may corrupt a .class file. Telltale signs of infection include Java applications taking longer to load during startup or failing to operate at all. Symantec has posted detection tools on its homepage at http://www.symantec.com/. á
