[Owasp-singapore] Does anyone know whether there is a similar known exploit in Java framework like this for .Net?

Wong Onn Chee ocwong at usa.net
Mon Apr 20 10:46:08 EDT 2009


  Researcher offers tool to hide malware in .Net


http://www.networkworld.com/news/2009/041709-researcher-offers-tool-to-hide.html?nlhtsec=rn_042009&nladname=042009securityal


".Net-Sploit allows a hacker to modify the .Net framework on targeted
machines, inserting rootkit-style malicious software in a place
untouched by security software and where few security people would think
to look, said Erez Metula, the software security engineer for 2BSecure
who wrote the tool.

"You'll be amazed at how easy it is to devise an attack," Metula said
during a presentation at the Black Hat security conference in Amsterdam
on Friday.

.Net-Sploit essentially lets an attacker replace a legitimate piece of
code within .Net with a malicious one. Since some applications depend on
parts of the .Net framework in order to run, it means the malware can
affect the function of many applications."


Any Java guru out there?


Regards
Onn Chee




More information about the Owasp-singapore mailing list