Malicious programs that are installed via HTML.

Discussion in 'Computer Security' started by Lew, Jan 24, 2006.

  1. Lew

    Lew Guest

    AIUI, it was not all that long ago when the threat to personal users,
    was attachments that when executed compromised machines with keyloggers,
    trojans, etc.

    Now it seems that the big problem is reading a webpage or an HTML e-mail
    and getting affected through the scripting. My understanding is that
    the script downloads the malicious program from the web and sets it to
    run on start up through the start-up folder or in the registry.

    I don't know much about this; can someone suggest a good web site to
    start learning a bit more about these threats. I have googled, but I am
    not quite sure of the best search terms, and since there is so much
    information out there, a site that experienced people endorse would be a
    lot of help.

    Thanks.
    Lew, Jan 24, 2006
    #1

  2. Lew

    Winged Guest

    Lew wrote:
    > AIUI, it was not all that long ago when the threat to personal users,
    > was attachments that when executed compromised machines with keyloggers,
    > trojans, etc.
    >
    > Now it seems that the big problem is reading a webpage or an HTML e-mail
    > and getting affected through the scripting. My understanding is that
    > the script downloads the malicious program from the web and sets it to
    > run on start up through the start-up folder or in the registry.
    >
    > I don't know much about this; can someone suggest a good web site to
    > start learning a bit more about these threats. I have googled, but I am
    > not quite sure of the best search terms, and since there is so much
    > information out there, a site that experienced people endorse would be a
    > lot of help.
    >
    > Thanks.

    Lew,

    Scripting is one method of code injection to the local host. When code
    runs on the local machine there is the potential of compromise to the
    local host. To date there are no scripting languages I am aware of for
    webpages where an exploit has not existed at one time or another.

    Some vulnerabilities do not even require scripts to run, for example the
    recent WMF vulnerability can execute on viewing the graphic. Another
    method uses mime to compromise the mail host.

    There is a worm (Nyxem_e) currently making the rounds that executes in
    MIME (mail) format, no clicking or graphics required.

    Every plug-in (such as macromedia, quicktime, media player etc) allows
    more code types to run within the browser, thereby expanding exploit
    potential.

    Some methods to compromise a system require a series of code to run to
    break down the system defenses, these are layered threats and have a
    much higher probability of evading antivirus or other defenses.

    I know of no single site that defines all of the methods that might be
    used to access/compromise a system. New methods are seen almost daily.

    Understand that running any untrusted code on the local machine opens
    the exploit window. Allowing some code varieties (ActiveX comes to
    mind) is more dangerous (generally) than, for example, java scripting.

    Email clients that allow code to run within the email when opened
    (Outlook Express) are "generally" more dangerous than clients which do
    not run scripts.

    Typically I do not run scripts of any sort in my browser unless the site
    I am visiting requires scripts and my need is greater than my concern
    for security, in which case I allow only the activity required for the
    site in question and turn off scripting functionalities once they are no
    longer required. Just because the script is being run from, for example
    Yahoo, does not mean the code is safe to run. Trust no one.

    Downloading files from the net and installing programs be it games
    toolbars or other code is extremely dangerous unless you are sure of the
    code source.

    Some very good reading can be found in the SANS reading room. SANS does
    a reasonable job keeping abreast of the compromise du jour (handlers
    diary). The SANS site is: http://isc.sans.org/ (note link to reading
    room on top menu on page)

    Looking at vulnerabilities in commercial/production software I
    frequently use http://secunia.com/

    Both these sites support RSS which is useful to stay apprised of
    on-going threats on a regular basis.

    http://www.eff.org/ has a number of topics that are good reading. While
    this is not generally considered a "computer" site, they have a number
    of articles and papers that address various threats.

    This is a start, I am curious to see other folks' advice on your
    question. I hope to find a good single answer.

    Winged
    Winged, Jan 24, 2006
    #2

  3. Lew

    Donnie Guest

    "Lew" <> wrote in message
    news:g9eBf.7398$...
    > AIUI, it was not all that long ago when the threat to personal users,
    > was attachments that when executed compromised machines with keyloggers,
    > trojans, etc.
    >
    > Now it seems that the big problem is reading a webpage or an HTML e-mail
    > and getting affected through the scripting. My understanding is that
    > the script downloads the malicious program from the web and sets it to
    > run on start up through the start-up folder or in the registry.
    >
    > I don't know much about this; can someone suggest a good web site to
    > start learning a bit more about these threats. I have googled, but I am
    > not quite sure of the best search terms, and since there is so much
    > information out there, a site that experienced people endorse would be a
    > lot of help.
    >
    > Thanks.

    ####################################
    I've been blocking all active scripting in IE for about 7 years now along w/
    cookies. Most people won't do that because they can't view certain sites.
    That has prevented pop ups, worms and probably a host of other things. I
    don't even have an anti virus running.
    donnie.
    Donnie, Jan 24, 2006
    #3
  4. Lew

    Lars Guest

    Lars, Jan 25, 2006
    #4
  5. Lew

    Dave Keays Guest

    Lars wrote:
    > You use IE?
    > If you're worried about security get firefox.
    > www.mozilla.org/products/firefox
    >


    In Fx use the "NoScript" and "adblock" extensions.

    If you want to keep with IE use Eric Howes' "Enough is Enough". It locks down the
    Internet zone and makes it easy to add to the trusted zone. Yes, you could do
    the lock-down with Registry Edits and the zone maint with MS POWERTWEEK. This
    batch file makes life a lot easier.

    --

    Dave Keays
    Dave Keays, Jan 25, 2006
    #5
  6. Lew

    Donnie Guest

    "Lars" <> wrote in message
    news:...
    > You use IE?
    > If you're worried about security get firefox.
    > www.mozilla.org/products/firefox

    #######################################
    I'm not worried at all.
    donnie.
    Donnie, Jan 27, 2006
    #6
  7. Lew

    Guest

    Lew wrote:
    > AIUI, it was not all that long ago when the threat to personal users,
    > was attachments that when executed compromised machines with keyloggers,
    > trojans, etc.
    >
    > Now it seems that the big problem is reading a webpage or an HTML e-mail
    > and getting affected through the scripting. My understanding is that
    > the script downloads the malicious program from the web and sets it to
    > run on start up through the start-up folder or in the registry.
    >
    > I don't know much about this; can someone suggest a good web site to
    > start learning a bit more about these threats. I have googled, but I am
    > not quite sure of the best search terms, and since there is so much
    > information out there, a site that experienced people endorse would be a
    > lot of help.
    >
    > Thanks.


    For a start, know HTML. Then the road (long for some) - if you've done
    no programming - of learning a scripting language, then it'll be more
    obvious. The script is not part of the HTML language. But HTML provides
    ways to embed a script into the HTML. Those files whose extension is
    .html contain HTML and can contain a script, but the script isn't part
    of the HTML, no matter what that .html or .htm extension might suggest.


    I never really messed with scripting much. I think the stuff you're
    talking about might be more ActiveX. I can't imagine JavaScript
    downloading a file onto my comp, but I guess it's possible. Maybe an
    exploit of it could. I think ActiveX is the big real threat. Hence
    Internet Explorer has the warnings and questions of whether you want to
    download the ActiveX control. It never used to have that, and so there
    were problems.
    , Feb 2, 2006
    #7
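
The thread's recurring point is that scripts, plug-in objects and ActiveX controls are embedded in HTML rather than being part of it, so they can be inventoried before a page or HTML e-mail is rendered. The following is an added example, not code from any poster: the tag list, the function name `find_active_content` and the sample message are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Tags that pull script or plug-in/ActiveX content into a page (editor's choice).
ACTIVE_TAGS = {"script", "object", "embed", "applet"}
URL_ATTRS = {"href", "src", "action", "data"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:")


class ActiveContentFinder(HTMLParser):
    """Collects (line, kind, where) for every piece of active content."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        if tag in ACTIVE_TAGS:
            self.findings.append((line, "element", tag))
        for name, value in attrs:
            # Browsers ignore tabs/newlines inside a URL scheme, so drop
            # whitespace and control characters before comparing.
            compact = "".join(c for c in (value or "") if c > " ").lower()
            if name.startswith("on"):
                self.findings.append((line, "event-handler", f"{tag}[{name}]"))
            elif name in URL_ATTRS and compact.startswith(SCRIPT_SCHEMES):
                self.findings.append((line, "script-url", f"{tag}[{name}]"))


def find_active_content(html_text):
    finder = ActiveContentFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


# Constructed sample message body; the classid is a placeholder.
SAMPLE = """<html><body onload="init()">
<p>Plain text and <a href="http://example.com/">a normal link</a>.</p>
<a href="java&#9;script:void(0)">click</a>
<object classid="clsid:00000000-0000-0000-0000-000000000000"></object>
<script>var s = "<embed>";</script>
</body></html>"""

if __name__ == "__main__":
    for line, kind, where in find_active_content(SAMPLE):
        print(f"line {line}: {kind:13} {where}")
```

An empty result means the markup carries no script, plug-in object or event handler; it says nothing about flaws in the renderer itself, such as the WMF image issue mentioned earlier in the thread.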