This begins a four-chapter discussion on all the ways malicious
mobile code can attack your system through an Internet
World Wide Web (WWW) browser, particularly
Microsoft Internet Explorer. Chapter 8 starts the
discussion by introducing the World Wide Web and the general
technologies used in Microsoft’s Internet Explorer. Chapter 9 will discuss exploits of those technologies, give
specific examples, and finish up with how to prevent attacks. Chapter 10 covers Java language exploits while Chapter 11 covers rogue ActiveX controls. Taken together,
these four chapters are a solid introduction to the world of
malicious mobile code in a browser-based environment.
I’ll start with this sentence: no PC with an Internet-connected browser can be considered secure. No matter how well you think you have locked down a PC with an Internet browser, the software is too complex to close all the holes. If a PC under your control needs absolute security, remove the browser. If that isn’t the answer you were looking for, continue reading.
Yes, a computer can be compromised simply by surfing the Net. By default, when a web page is accessed, all of the allowable content is downloaded, scripted, launched, and, if appropriate, executed. A rogue programmer has a whole arsenal of tools that can turn a simple-looking web link into something malicious. Rogue code can be delivered through a browser using the following technologies:
Scripting languages ...