O'Reilly logo

Malicious Mobile Code by Roger A. Grimes

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Examples of Attacks and Exploits

Most attacks and exploits fall into the following categories:

  • Viruses and Trojans

  • Browser component exploits

  • Redirection exploits

  • Application interactions

  • Privacy invasions

With so much history to choose from, I tried to choose examples that would demonstrate the extent of the problem.

Viruses and Trojans

Pure HTML viruses have largely not been successful in causing widespread computer damage. HTML isn’t a language built to create objects or access the local system without a little bit of help. HTML viruses containing VBScript, JavaScript, and scripted calls to ActiveX objects have been slightly more successful, but still aren’t a large threat when coming over the Web. An HTML virus can be downloaded from a web site, but it will not be executed against the user’s local system unless saved and launched locally. And even then a browser’s security warnings have to be ignored. If allowed to run, an HTML virus can infect other HTML files on the local system. Since most client computers don’t act as web servers or send HTML files to others, HTML’s ability to spread beyond the local machine is muted.

HTML.Internal

HTML.Internal , written as a demonstration, was one of the first HTML viruses. It will only work on browsers that handle VBScript and ActiveX. That effectively limits it to Internet Explorer, versions 4.0 and above. And even then, default security should prevent the virus from spreading. Example 9-1 shows an excerpt of its source code.

Using VBScript, ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required