Combating a spate of Java malware with machine learning in real-time (Microsoft)

Discussion in 'malware problems & news' started by ronjor, Apr 20, 2017.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    59,785
    Location:
    Texas
    msft-mmpc, April 20, 2017
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    4,522
    Location:
    U.S.A.
    The question is who still has Java installed? I removed it long ago due to security issues.

    I also just checked my Win 10 file associations for .jar. The extension doesn't exist. I believe it only does so when Java is installed.
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    4,522
    Location:
    U.S.A.
    Also, for clarification, you cannot run executable code directly from a .jar file as, for example, can be done from a .hta file. You have to create the executable code outside of JAVA RTE and run it from the .jar file as done below:
    http://stackoverflow.com/questions/11339979/how-to-execute-script-from-jar-file

    The Microsoft article shows the execution of .vbs script malware. If you're on Win 10 and using an AV product that uses the AMSI interface, which Windows Defender also uses, the script would be intercepted and scanned for malware signatures prior to execution.

    -EDIT- So what we are talking about here is pattern-matching machine learning, something AV vendors like Eset have been doing for years.
     
    Last edited: Apr 21, 2017