OS/400 Alert: Microsoft Closes the Doors on JVM

March 24, 2004 Shannon O'Donnell

This issue of “OS/400 Alert” lets you in on what was an inevitable move by Microsoft in announcing it will no longer support or provide its own Java Virtual Machine. We’ll also let you know what to do if you find a bug in one of IBM‘s Licensed Program Products. And if you ever felt sorry for hackers, thinking these poor folks must have no friends or social life, you might be surprised to learn the number of Web sites devoted to the hacker lifestyle.

SUPPORT FOR MICROSOFT JVM TO END SOON

In what is likely one of the last shots in the JVM wars, Microsoft has announced that it will no longer support its own Java Virtual Machine in September 2004. Microsoft recommends that you download one of the other available JVMs, such as Sun Microsystems‘. Dropping support for the Microsoft JVM is part of the ongoing lawsuit settlement between software giants Microsoft and Sun Microsystems. According to the terms of the agreement, Sun and Microsoft will limit the duration of Microsoft’s use of Sun’s JVM source code and will stop performing JVM compatibility tests. Details on this announcement, and information about replacing your Microsoft JVM, can be found on Microsoft’s Web site.

HOW TO REPORT PROBLEMS TO IBM

Have you ever wondered what you should do if you discover a problem with one of IBM’s Licensed Program Products? IBM has a whole program devoted to reporting problems and having IBM work with you to resolve them. This program, called IBM Program Services, lets you report a problem either via the Internet or through your telephone. More information on reporting problems and taking part in this program can be found on IBM’s Web site.

GOING TO THE SOURCE FOR HACKING

If you are an AS/400 programmer or administrator, chances are you “hang out” with other AS/400 professionals on the various online forums and Web sites devoted to our venerable platform. But where do you go if you’re a hacker? Is there even a common ground on the Web where hackers can go to share ideas about cracking the latest Microsoft kernel or bringing down the most recent version of Linux?

Surprisingly, the answer is yes. In fact, we’ve discovered hundreds of Web sites devoted to hackers. Going on the theory that being forewarned is being forearmed, here are just a few of our favorite hacking Web sites:

HackerIntel alerts you to various hacking attacks around the world, including the recent theft of thousands of Social Security numbers and test scores from the University of California.

Hacktivismo collects information about the latest hacks going on around the world and provides readers with information on what the authors feel are attacks on the rights of free speech on the Internet. The content is more than a little off the wall, but is interesting reading.

2600 is the original hacker’s heaven. This site organized the lifestyle of hacking into a loosely cohesive forum for hackers and hacker wannabes to share information. If you’re interested in the latest hacking initiatives, directions, and lawsuits, this site is for you.

Zambeel is a pseudo search engine Web portal that offers links to software and training courses in “how to hack.” If you are a would-be hacker but don’t know where to begin, this might be a good place to start.

THIS WEEK’S NASTY WINDOWS WORRIES

The following information is from www.symantec.com.

W32.Netsky.P@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the e-mail addresses it finds when scanning hard drives and mapped drives. The “sender” of the e-mail is spoofed, and its subject line and message body of the e-mail vary. The attachment name varies with .exe, .pif, .scr, or .zip file extensions. This worm also tries to spread itself via various file-sharing methods by copying itself into directories with an enticing file name.

W32.Witty.Worm uses a vulnerability in ICQ parsing by ISS products. The worm sends itself to multiple IP addresses on source port 4000/UDP and a random destination port. The worm is a memory-only-based threat and does not create files on the system. This worm has a payload of overwriting random sectors of a random hard disk.

Download.Chamber displays a (configurable) fake error message when it is executed. While the message is displayed, it downloads a potentially malicious file from a configurable URL to a configurable location on your computer.

Download.Chamber.Kit a kit that allows an attacker to create a downloader. The file that it creates is detected as Download.Chamber.

Trojan.Bookmarker.G modifies Internet Explorer settings, adds bookmarks to Internet Explorer Favorites, and downloads other programs.

Trojan.Linst attaches itself to Internet Explorer and sends information to a Web server.

Trojan.Regsys modifies registry settings and delete files from an infected system.

W32.HLLW.Antinny.G worm is a variant of W32.HLLW.Antinny. It spreads using the Winny file-sharing network. The worm steals personal information, including name, e-mail, and files, and sends it to a file-sharing network. The worm has the Notepad icon or a Windows folder icon.

W32.HLLW.Polybot is a worm that attempts to spread through network shares that have weak passwords, and allows attackers to access an infected computer using a predetermined IRC channel. The worm uses multiple vulnerabilities to spread, including the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135; the RPC locator vulnerability (described in Microsoft Security Bulletin MS03-001) using TCP port 445; and the WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80.

PTF’s AND FIXES FOR OS/400 AND RELATED PROGRAMS

IBM released the latest cumulative package for V5R2 customers on January 21.

The latest HIPER package was released March 3.

The Database Group PTF was updated February 26.