JavaScript and malicious code?

Discussion in 'Computer Support' started by Lew, Jan 27, 2006.

  1. Lew

    Lew Guest

    AIUI, it was not all that long ago when the threat to personal users,
    was attachments that when executed compromised machines with keyloggers,
    trojans, etc.

    Now it seems that the big problem is reading a webpage or an HTML e-mail
    and getting affected through the scripting. My understanding is that
    the script downloads the malicious program from the web and sets it to
    run on start up through the start-up folder or in the registry.

    I don't know much about this; can someone suggest a good web site to
    start learning a bit more about these threats. I have googled, but I am
    not quire sure of the best search terms, and since there is so much
    information out there, a site that experienced people endorse would be a
    lot of help.

    In particular, it seems as if JavaScript dowloading a trojran without
    the user clicking an attachment is a big problem.

    Thanks.
     
    Lew, Jan 27, 2006
    #1
    1. Advertising

  2. Lew

    °Mike° Guest

    In message <l9xCf.14501$>,
    Lew took 19 lines to impart the following:

    >AIUI, it was not all that long ago when the threat to personal users,
    >was attachments that when executed compromised machines with keyloggers,
    >trojans, etc.
    >
    >Now it seems that the big problem is reading a webpage or an HTML e-mail
    >and getting affected through the scripting. My understanding is that
    >the script downloads the malicious program from the web and sets it to
    >run on start up through the start-up folder or in the registry.
    >
    >I don't know much about this; can someone suggest a good web site to
    >start learning a bit more about these threats. I have googled, but I am
    >not quire sure of the best search terms, and since there is so much
    >information out there, a site that experienced people endorse would be a
    >lot of help.
    >
    >In particular, it seems as if JavaScript dowloading a trojran without
    >the user clicking an attachment is a big problem.
    >
    >Thanks.


    Malicious Web Scripts FAQ
    http://www.cert.org/tech_tips/malicious_code_FAQ.html

    Web Browser Vulnerabilities: Is Safe Surfing Possible?
    http://www.windowsecurity.com/articles/Web-Browser-Vulnerabilities.html

    Safe Surfing
    http://www.pcpitstop.com/spycheck/safesurfing.asp

    Safe Hex
    http://www.claymania.com/safe-hex.html

    Safe Computing Guide
    http://www.trendmicro.com/pc-cillin/vinfo/safe_computing/
    http://www.trendmicro.com/en/security/general/guide/overview.htm

    Protect your PC
    http://support.microsoft.com/default.aspx?scid=/directory/worldwide/en-gb/protect.asp

    Safe Computing Practice
    http://users.iafrica.com/c/cq/cquirke/safe2000.htm

    Safe Computing Practices (Safe Hex)
    http://www.cknow.com/vtutor/vtsafecompute.htm

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Jan 27, 2006
    #2
    1. Advertising

  3. Lew

    Mike Easter Guest

    Lew wrote:
    > AIUI, it was not all that long ago when the threat to personal users,
    > was attachments that when executed compromised machines with
    > keyloggers, trojans, etc.


    Executing a malware executable by clicking on it has always been a
    problem whether it comes in the email or on a floppy or CD or
    downloaded.

    > Now it seems that the big problem is reading a webpage or an HTML
    > e-mail and getting affected through the scripting.


    The scripting or html can potentially 'execute' or 'perform', depending
    upon the insecure configuration.

    > My understanding
    > is that the script downloads the malicious program from the web and
    > sets it to run on start up through the start-up folder or in the
    > registry.


    There are many html, scripting, and non-html non-scripting
    vulnerabilities. The latest vulnerability of some interest is the WMF
    or windows metafile vulnerability related to 'MICE' where the mice
    acronym means metafile image code execution vulnerability. This is a
    different kind of problem for Win2K and XP than the 9x family.

    > I don't know much about this; can someone suggest a good web site to
    > start learning a bit more about these threats.


    All threats that have to do with windows insecurities? Some windows not
    all? All threats that have to do with html and/or scripting
    vulnerabilities as they relate to just the browser html rendering engine
    subsystem vulnerabilities? How to configure your browser and your
    mailuser agent securely?

    > I have googled, but I
    > am not quire sure of the best search terms, and since there is so much
    > information out there, a site that experienced people endorse would
    > be a lot of help.


    There certainly is a lot of information -- I'm not sure where to start.

    > In particular, it seems as if JavaScript dowloading a trojran without
    > the user clicking an attachment is a big problem.


    If you allow 'various' scripts to run and do things which you don't know
    about, you are insecure -- where the degree of insecurity is influenced
    by the particular script in question.


    --
    Mike Easter
     
    Mike Easter, Jan 27, 2006
    #3
  4. Lew

    Mike Easter Guest

    Mike Easter, Jan 28, 2006
    #4
  5. Lew

    °Mike° Guest

    In message <43dab3ed$0$72593$>,
    Mike Easter took 24 lines to impart the following:

    <snip>

    >One of the trendmicro links is broken -- I can find a similar .au one
    >searching on safe_computing at the site.
    >
    >http://www.trendmicro.com.au/consumer/security_info/save_computing_guide.php
    >
    >But I don't know if that is like the one which used to be in the
    >pc-cillin vinfo section.


    I honestly don't remember the exact PC-Cillin page, but it appears to
    be the same one, because:
    www.trendmicro.com.au/vinfo/safe_computing/

    redirects to the link you gave above. I will be updating my list with
    the UK link (same info).

    Safe Computing Practices
    http://uk.trendmicro-europe.com/smb/security_info/save_computing_guide.php


    This PDF document is also worth reading:

    A Guide to Security
    http://uk.trendmicro-europe.com/smb/downloads/SecurityGuide_download.pdf

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
     
    °Mike°, Jan 28, 2006
    #5
  6. Lew

    Plato Guest

    Plato, Jan 28, 2006
    #6
  7. Lew

    zarathustra Guest

    Lew <> gibbered:

    >AIUI, it was not all that long ago when the threat to personal users,
    >was attachments that when executed compromised machines with keyloggers,
    >trojans, etc.
    >
    >Now it seems that the big problem is reading a webpage or an HTML e-mail
    >and getting affected through the scripting. My understanding is that
    >the script downloads the malicious program from the web and sets it to
    >run on start up through the start-up folder or in the registry.
    >
    >I don't know much about this; can someone suggest a good web site to
    >start learning a bit more about these threats. I have googled, but I am
    >not quire sure of the best search terms, and since there is so much
    >information out there, a site that experienced people endorse would be a
    >lot of help.
    >
    >In particular, it seems as if JavaScript dowloading a trojran without
    >the user clicking an attachment is a big problem.


    It's getting that way - byteverify being the most common culprit. It's
    designed to exploit the MS Java VM (virtual machine), so use the Sun
    version:
    http://www.java.com/en/download/help/cache_virus.xml

    >
    >Thanks.
     
    zarathustra, Jan 29, 2006
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. David H. Lipman
    Replies:
    0
    Views:
    465
    David H. Lipman
    Nov 16, 2003
  2. David H. Lipman
    Replies:
    1
    Views:
    452
    N. Miller
    Nov 20, 2003
  3. Rob Slade, doting grandpa of Ryan and Trevor

    REVIEW: "Malware: Fighting Malicious Code", Ed Skoudis

    Rob Slade, doting grandpa of Ryan and Trevor, Feb 19, 2004, in forum: Computer Security
    Replies:
    0
    Views:
    601
    Rob Slade, doting grandpa of Ryan and Trevor
    Feb 19, 2004
  4. Wong Yung

    Malicious javascript obfustication

    Wong Yung, Oct 23, 2006, in forum: Computer Security
    Replies:
    46
    Views:
    1,739
    Sebastian Gottschalk
    Nov 7, 2006
  5. Shane

    To Javascript, or not to Javascript

    Shane, Aug 29, 2005, in forum: NZ Computing
    Replies:
    5
    Views:
    497
    Waylon Kenning
    Aug 30, 2005
Loading...

Share This Page