August 28, 1998 — What may be the first Java virus on the Web has been posted in the Codebreakers electronic magazine.
The virus, called Strange Brew and created by a developer who goes by the code name “Landing Camel,” does not seem to be extremely dangerous to users because inherent security capabilities built into Java-enabled browsers can defeat it. The Australian university student who developed Strange Brew did so to show inherent problems in Java.
The virus does prove that self-replicating viruses can be created and delivered using the Java programming language, said Carey Nachenberg, chief researcher at Symantec Anti-Virus Research Center (SARC).
“It is capable of infecting both Java applications and Java applets, but is only capable of spreading from Java applications,” Nachenberg said. “If an applet were to be infected by the virus, that applet would be infected. However, when the applet would be used in secure Web browsers, such as Netscape Navigator or Internet Explorer, the applet would be immediately terminated because of the security features in the browsers.
“This is really not a threat to end users, but it is important that it is a proof of concept and a whole new class of viruses that we have never seen before,” Nachenberg added. “The only users who should be remotely worried are those users who are doing Java development.”
Because Strange Brew is a direct-action virus, once it contacts a system it will attempt to replicate itself in other Java applications or applets, but currently it does not attempt any other action.
Although applets operating in a browser are not at risk from the virus because of Java’s security features in Web browsers, standalone Java applications may be vulnerable, Nachenberg said.
Also, although the virus is benign, it can corrupt and disable files due to its own design flaws.