Java Watch 4/26/2017: New Java Trojans, Amazon SQS, Stanford CS Dept. Dropping Java, More

Here's a roundup of recent news and product announcements around Java and Java-related technologies:

  • A recent spike in Java-based remote access Trojan variants, lovingly known a jRATs, caught the attention of Zscaler, a cloud-based security-as-a-service provider based in San Jose, Calif. The company's ThreatLabZ team noticed the increase of these varmints -- which give attackers a backdoor into a victim's system and allow the attacker to take control of the system remotely -- and posted a warning on its blog.

    Zscale security researchers Sameer Patil and Jithin Nair authored the post, which includes a thorough description of the threat, along with illustrations and code samples.

    "Malware authors are using numerous tactics to entice unsuspecting users to open infected attachments," the researchers wrote, "which arrive as malicious JAR files. Most recently, we've seen filenames such as 'IRS Updates.jar' and 'Important_PDF.jar,' claiming to contain important tax deadline information from the IRS. We've also identified JAR files claiming to be purchase orders or other important documents. When a user opens the file thinking it is an actual communication from the IRS, or said party, the jRAT payload gets installed on the user's machine."

    The warning came just before the annual tax filing deadline.

  • Amazon's Simple Queue Service (SQS) now allows users to send messages to, and receive messages from, SQS first-in-first-out (FIFO) queues with applications that use the service. SQS is Java Message Service (JMS) interface for the SQS, which is a fully managed message queuing service designed to enable communication between distributed software components and microservices at any scale. Amazon's SQS FIFO queues, which are the newest queue type, are designed to ensure that the order in which messages are sent and received is strictly preserved, and that each message is processed exactly once.

    SQS is an open-source client that supports the JMS 1.1 specification for message queues. It supports sending text, byte or object messages synchronously to SQS queues. It also supports receiving objects synchronously or asynchronously.

  • The public review period for the Java Servlet 4 specification (JSR 369) started on April 20 and will end on May 20. This is the final step before balloting, which starts on May 23 and concludes on June 5.

    The goal of this JSR, according to its JCP Web page is "to expose support for the upcoming IETF standard HTTP/2 to users of the Servlet API." There's also a secondary goal: "to refresh the Servlet API to achieve compliance with new features in HTTP 1.1, as well as responding to community input."

    A Java EE community survey, conducted late last year by Oracle, asked respondents to rank 21 component technologies in the company's enterprise Java roadmap. Servlet 4.0 was considered one of the most important technologies, along with JAX-RS, OAuth and OpenID, Configuration, Evening, and JSON-B.

    "Servlet 4 is easily one of the most critical components of Java EE 8," wrote Reza Rahman, longtime Java evangelist and co-founder of the Java EE Guardians, in a recent blog post. "The primary aim of Servlet 4 is to bring first-class, core standards based HTTP/2 support to the server-side Java ecosystem. Most of the changes in Servlet 4 (with the exception of things like the server push API) should be transparent to developers and are enforced in terms of requirements for Servlet 4 implementations to fully support HTTP/2."

    Rahman also published a useful slide deck for those want to learn more, entitled "HTTP/2 and What It Means for the Java EE Ecosystem."

    The Java Servlet 4 spec can be downloaded from the Java Community Process Web site.

  • Java will soon be replaced with JavaScript as the programming language taught in introductory computer science classes at Stanford University. According to The Stanford Daily, Eric Roberts, emeritus professor of computer science -- and the author of intro textbook, The Art & Science of Java -- has been working on the transition for the past five years. Roberts has written a new textbook, and he has been creating assignments and training teaching assistants, the Daily reported.

    New computer science students have been learning Java since it was added to the curriculum in 2002, but the language is now "showing its age," Roberts told the paper. JavaScript has taken Java's place as the "language of the Internet," he said. The pilot class, CS106A, began using JavaScript in April.

About the Author

John K. Waters is the editor in chief of a number of sites, with a focus on high-end development, AI and future tech. He's been writing about cutting-edge technologies and culture of Silicon Valley for more than two decades, and he's written more than a dozen books. He also co-scripted the documentary film Silicon Valley: A 100 Year Renaissance, which aired on PBS.  He can be reached at [email protected].