|Place of Origin||Australia|
|Platform||Java Runtime Environment|
|Infection Length||3,894 bytes*|
Strangebrew is the first Java virus. As it runs on Java, it can run on any computer with the Java Runtime Environment, regardless of the operating system or processor it is running on. While Java applets are common on the internet, Strangebrew cannot infect a computer through the internet, even if it runs an infected Java applet.
When a Strangebrew infected file is executed, it searches the current directory for files with a .class extension, which are executables for the Java platform. It checks if the file has a size divisible by 101, indicating the file is likely already infected with Strangebrew, and avoids infecting them. Strangebrew also has some other criteria for determining if the file is suitable for infection. If it finds an uninfected .class file that is unsuitable, it inserts code to make the file size divisible by 101, so it will be passed over the next time the virus is run. When it finds a class file meeting all of its criteria for infection, it writes its code to the main entry point of the file. The virus itself takes up 3,894 bytes, but the actual increase in file size will be rounded up so it is divisible by 101.
The virus is not able to spread over the internet or even locally when using Java applets through a browser, even infected ones. When run as an applet, it displays a warning message and terminates the virus. It must be run as a native Java application.
The virus may not always gain control of the infected application, as this depends on how the application is used. In addition, it contains some bugs which may cause the application to be corrupted.
Strangebrew was coded by an Australian university student, going by the handle "Landing Camel". He created Strangebrew to show potential security problems with the Java platform. Symantec claimed credit for discovering the virus with its web spider "Seeker", which crawls the web and sends files to Symantec for analysis.
Strangebrew never made it into the wild. The security features in all popular browsers at the time would prevent the virus from infecting computers through the web browser.
Mikko Hypponen, Juha Kaki, Jarno Niemela. F-Secure F-Secure Virus Descriptions : StrangeBrew 1998.08-2001.08
Kaspersky Lab, Virus.Java.StrangeBrew. 2000.01.12
Carey Nachenberg, Eric Chien. Symantec, JavaApp.Strange Brew. 2007.02.13
Matthew Nelson. Javaworld, Developer creates the first Java virus and names it 'Strange Brew'. 1998.09.01
Symantec Press Release, Symantec AntiVirus Research Center Finds First Cross-Platform Java Virus. 1998.08.19