August 19, 1998 Web posted at: 11:15 AM EDT
by Ellen Messmer
(IDG) -- Symantec, a maker of antivirus software, said it has spotted the
first Java virus. However, the company said Java users should not be
alarmed because the virus, which was recently posted on a hacker Web
site, isn't deliberately destructive and the security features in Java
browsers make it unlikely the virus could infect a user's files.
The Java virus, said to weigh in at about 3,890 bytes, can replicate
itself across any machine running the Java Virtual Machine, said Cary
Nachenberg, chief researcher at Symantec's antivirus research center. It
tries to search for Java class files, and when it finds them, it inserts
itself into them.
"It does nothing intentionally malicious," said Nachenberg about the Java
virus. The virus is the first of its kind in a cyberspace now populated
with tens of thousands of different virus programs, many of them designed
to be transported via Microsoft's mail program. "This one is parasitic,
replicating in native Java class files."
However, he acknowledged the Java virus might be inadvertently capable of
doing damage to Java class files because it can change the way the file
handles error-checking and exception handling once it has been infected.
Although Java browsers, which use a "sandbox" security method, should
keep the virus from infecting the user's drive, there is concern that
Java virus writers may come up with more effective delivery methods to
outwit the Java browser's security.
"This is clearly a fundamental new class of virus," he said. "It seems to
be a kind of proof of concept, and we can expect to see more viruses of
Symantec said it will have an antivirus update for the Java virus on its
Web site Thursday at www.symantec.com for Norton AntiVirus software users
who may be concerned. "At this point, though, this is not a major threat
to users," Nachenberg emphasized.