I wanted to share this with the community. I wanted to investigate an app called Hacker Defense suite. I googled for it and upon clicking one of the website's titles I received a virus - just by visiting the site.
I have confirmed this by disabling Java in Firefox and did not receive a warning - enabled it and again received the warning.
So I reported it at a security site:
Lynch, see my post above and let us know. I'm very interested to know if this was a classloader trojan or a js.classloader false alarm.
Ultimately, it's just a zip file. I would have to unzip it and execute it.
For one, there is no indication that it's a crack site or "underbelly of the web". It is the application's website.
Originally Posted by Gerard Morentzy
I'm using Java 1.5.0-b64
I checked at jotti's - reported possible malware because of packers and length of time in sandbox. (the app itself, not the virus reported)
I'll go check to see if it's quarantined
**edit - I was wrong about it being the app's website. This website starts off as tmr.net[edited] - still no way to tell what kind of site it is.
**edit - I went back to the site and AV alerted me a virus was on the computer. I put it in the Avast virus chest (loaderadv303.jar-12be7432-7b67d684.zip) - I went to jotti's http://virusscan.jotti.dhs.org/ - here are the results:
TR/Forten.Java.2 (0.25 seconds taken)
JS:Classloader-6 (1.52 seconds taken)
Java.Trojan.Exploit.Bytverify, Java.Trojan.Downloader.OpenStream.C (0.61 seconds taken)
Java.ClassLoader.24564 (0.59 seconds taken)
Trojan.ClassLoader, Exploit.ByteVerify (0.92 seconds taken)
destructive program (0.10 seconds taken)
Trojan.Java.ClassLoader.h, TrojanDownloader.Java.OpenStream.c, Trojan.Java.ClassLoader.d (1.00 seconds taken)
Trojan.Downloader.Java.Loader.H (0.37 seconds taken)
Java/ClassLoader.H, Java/ClassLoader.B (0.65 seconds taken)
Norman Virus Control
No viruses found (0.21 seconds taken)