Symantec spots first Java virus
August 19, 1998
Web posted at: 11:15 AM EDT
by Ellen Messmer
(IDG) -- Symantec, a maker of antivirus software, said it has spotted the first Java virus. However, the company said Java
users should not be alarmed because the virus, which was recently posted on a hacker Web site, isn't deliberately
destructive and the security features in Java browsers make it unlikely the virus could infect a user's files.
The Java virus, said to weigh in at about 3,890 bytes, can replicate itself across any machine running the Java
Virtual Machine, said Carey Nachenberg, chief researcher at Symantec's antivirus research center. It tries to
search for Java class files, and when it finds them, it inserts itself into them.
"It does nothing intentionally malicious," said Nachenberg about the Java virus. The virus is the first of its kind in a
cyberspace now populated with tens of thousands of different virus programs, many of them designed to be
transported via Microsoft's mail program. "This one is parasitic, replicating in native Java class files."
However, he acknowledged the Java virus might be inadvertently capable of doing damage to Java class files
because it can change the way the file handles error-checking and exception handling once it has been infected.
Although Java browsers, which use a "sandbox" security method, should keep the virus from infecting the user's
drive, there is concern that Java virus writers may come up with more effective delivery methods to outwit the
Java browser's security.
"This is clearly a fundamental new class of virus," he said. "It seems to be a kind of proof of concept, and we can
expect to see more viruses of this type."
Symantec said it will have an antivirus update for the Java virus on its Web site Thursday at www.symantec.com
for Norton AntiVirus software users who may be concerned. "At this point, though, this is not a major threat to
users," Nachenberg emphasized.