Firing the roast - Java is heating up again

Kurt Baumgartner, Kaspersky Lab

With the recent explosion in prevalence of both client-side Java exploitation and Android malware development, Java/Dalvik malcode analysis has become more important than it was even a year ago. Java-related malcode can target a variety of components and embody a variety of functionality: exploitation of the Java runtime environment or the browser plug-in, exploitation of the Android OS, or obfuscated standalone code. The available debugging, instrumentation and decompiling tools each have their own strengths and weaknesses for Java malcode analysis. Exploits for CVE-2010-0840, for example, are not produced with the usual compilers; their class file bytecode is assembled by hand. How does that affect the usual tools, and in turn our malcode analysis? At the same time, vendors describe Droid malcode as becoming more complex: is that complexity of functionality, of implementation, or of obfuscation and encryption? Which tools do analysts find useful for reversing these packages, and why? And why aren't public sandboxes and toolsets handling Java malcode runtime analysis and reporting?

This paper examines and categorizes the types of Java malcode in the wild over the past year, its prevalence, the obfuscation and anti-reversing techniques embedded in it, the Java components affected and the best tools to tackle these challenges.
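The abstract notes that some exploit class files are assembled by hand rather than compiled, which is exactly what trips up decompilers that assume javac output. As an added example (not code from the paper or from Kaspersky Lab), the following Python parser reads the fixed header and constant pool of a .class file and flags the inconsistencies hand-assembled bytecode tends to carry: undefined constant-pool tags, this_class or super_class indices that do not chain to a CONSTANT_Class and CONSTANT_Utf8, and truncation. The three sample class files are constructed inline; parse_class, build_class and the version threshold max_major=51 (Java 7 class files) are this example's own names and assumptions.

```python
import struct

# Constant-pool tag -> (name, fixed payload size in bytes). Tag 1 (Utf8) is variable-length.
CP_TAGS = {
    3: ("Integer", 4), 4: ("Float", 4), 5: ("Long", 8), 6: ("Double", 8),
    7: ("Class", 2), 8: ("String", 2), 9: ("Fieldref", 4), 10: ("Methodref", 4),
    11: ("InterfaceMethodref", 4), 12: ("NameAndType", 4),
    15: ("MethodHandle", 3), 16: ("MethodType", 2), 18: ("InvokeDynamic", 4),
}


def parse_class(data: bytes, max_major: int = 51) -> dict:
    """Parse the header and constant pool of a .class file and report anomalies.

    max_major=51 (Java 7) is an assumption for this example; raise it for newer JDKs.
    """
    result = {"major": None, "minor": None, "access_flags": None,
              "this_class": None, "super_class": None, "anomalies": []}
    anomalies = result["anomalies"]
    if len(data) < 10:
        anomalies.append("file shorter than a class header")
        return result
    magic, minor, major, cp_count = struct.unpack_from(">IHHH", data, 0)
    result["major"], result["minor"] = major, minor
    if magic != 0xCAFEBABE:
        anomalies.append("bad magic 0x%08x" % magic)
    if major > max_major:
        anomalies.append("unexpected major version %d" % major)

    pool = [None]          # slot 0 is reserved by the JVM spec; real entries start at 1
    off = 10
    try:
        while len(pool) < cp_count:
            tag = data[off]  # IndexError here means the pool runs off the end of the file
            if tag == 1:
                (length,) = struct.unpack_from(">H", data, off + 1)
                raw = data[off + 3:off + 3 + length]
                if len(raw) != length:
                    raise struct.error("truncated Utf8 entry")
                pool.append(("Utf8", raw.decode("utf-8", "replace")))
                off += 3 + length
            elif tag in CP_TAGS:
                name, size = CP_TAGS[tag]
                payload = data[off + 1:off + 1 + size]
                if len(payload) != size:
                    raise struct.error("truncated %s entry" % name)
                # Only CONSTANT_Class is decoded further; other payloads are kept raw.
                pool.append((name, struct.unpack(">H", payload)[0] if tag == 7 else payload))
                if tag in (5, 6):
                    pool.append(None)   # Long and Double occupy two pool slots
                off += 1 + size
            else:
                anomalies.append("unknown constant pool tag %d at offset %d" % (tag, off))
                return result       # offsets after this point cannot be trusted
        access_flags, this_idx, super_idx = struct.unpack_from(">HHH", data, off)
    except (struct.error, IndexError):
        anomalies.append("truncated constant pool or header")
        return result
    result["access_flags"] = access_flags

    def class_name(idx, what):
        """Follow CONSTANT_Class -> CONSTANT_Utf8, flagging indices that do not chain."""
        entry = pool[idx] if 0 < idx < len(pool) else None
        if entry is None or entry[0] != "Class":
            anomalies.append("%s index %d is not a CONSTANT_Class" % (what, idx))
            return None
        name = pool[entry[1]] if 0 < entry[1] < len(pool) else None
        if name is None or name[0] != "Utf8":
            anomalies.append("%s name index %d is not a CONSTANT_Utf8" % (what, entry[1]))
            return None
        return name[1]

    result["this_class"] = class_name(this_idx, "this_class")
    if super_idx != 0:  # 0 is legal only for java.lang.Object itself
        result["super_class"] = class_name(super_idx, "super_class")
    return result


# --- constructed sample input for this example (not real malware) -----------------
def _utf8(s):
    b = s.encode()
    return b"\x01" + struct.pack(">H", len(b)) + b


def _class(name_index):
    return b"\x07" + struct.pack(">H", name_index)


def build_class(entries, this_idx, super_idx, major=49):
    """Assemble a minimal class file (no interfaces, fields or methods) from raw pool entries.
    Hypothetical helper for this example; entries must not include Long/Double (two-slot)."""
    out = struct.pack(">IHHH", 0xCAFEBABE, 0, major, len(entries) + 1) + b"".join(entries)
    out += struct.pack(">HHH", 0x0021, this_idx, super_idx)   # ACC_PUBLIC | ACC_SUPER
    out += struct.pack(">HHHH", 0, 0, 0, 0)                    # interfaces, fields, methods, attrs
    return out


POOL = [_class(2), _utf8("A"), _class(4), _utf8("java/lang/Object")]
WELL_FORMED = build_class(POOL, this_idx=1, super_idx=3)
DANGLING_THIS = build_class(POOL, this_idx=9, super_idx=3)                # this_class beyond the pool
BAD_TAG = build_class([b"\x63\x00\x00"] + POOL, this_idx=2, super_idx=4)  # tag 0x63 is undefined

if __name__ == "__main__":
    for label, blob in (("well-formed", WELL_FORMED), ("dangling this_class", DANGLING_THIS),
                        ("undefined tag", BAD_TAG), ("truncated", WELL_FORMED[:30])):
        print(label, "->", parse_class(blob))
```

A parser like this is the check to run before handing a suspicious class file to a decompiler: a file that the JVM's own verifier would reject, or that only loads because of a verifier bypass, is not going to round-trip through tools that assume compiler-generated structure, and the anomaly list tells you which part of the file was hand-edited.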
