Combating a spate of Java malware with machine learning in real-time (Microsoft)

Discussion in 'malware problems & news' started by ronjor, Apr 20, 2017.

  1. ronjor

    ronjor Global Moderator

    Joined: Jul 21, 2003
    Posts: 162,650
    Location: Texas
    msft-mmpc, April 20, 2017
     
  2. itman

    itman Registered Member

    Joined: Jun 22, 2010
    Posts: 8,591
    Location: U.S.A.
    The question is who still has Java installed? I removed it long ago due to security issues.

    I also just checked my Win 10 file associations for .jar. The extension doesn't exist. I believe it only does so when Java is installed.
     
  3. itman

    itman Registered Member

    Also, for clarification, you cannot run executable code directly from a .jar file as, for example, can be done from a .hta file. You have to create the executable code outside of JAVA RTE and run it from the .jar file as done below:
    http://stackoverflow.com/questions/11339979/how-to-execute-script-from-jar-file

    The Microsoft article shows the execution of .vbs script malware. If you're on Win 10 and using an AV product that uses the AMSI interface, which Windows Defender also uses, the script would be intercepted and scanned for malware signatures prior to execution.

    -EDIT- So what we are talking about here is pattern matching machine learning; something AV vendors like Eset have been doing for years.
     
    Last edited: Apr 21, 2017