Examples of Attacks and Exploits

Most attacks and exploits fall into the following categories:

  • Viruses and Trojans

  • Browser component exploits

  • Redirection exploits

  • Application interactions

  • Privacy invasions

With so much history to choose from, I tried to choose examples that would demonstrate the extent of the problem.

Viruses and Trojans

Pure HTML viruses have largely not been successful in causing widespread computer damage. HTML isn’t a language built to create objects or access the local system without a little bit of help. HTML viruses containing VBScript, JavaScript, and scripted calls to ActiveX objects have been slightly more successful, but still aren’t a large threat when coming over the Web. An HTML virus can be downloaded from a web site, but it will not be executed against the user’s local system unless saved and launched locally. And even then a browser’s security warnings have to be ignored. If allowed to run, an HTML virus can infect other HTML files on the local system. Since most client computers don’t act as web servers or send HTML files to others, HTML’s ability to spread beyond the local machine is muted.


HTML.Internal , written as a demonstration, was one of the first HTML viruses. It will only work on browsers that handle VBScript and ActiveX. That effectively limits it to Internet Explorer, versions 4.0 and above. And even then, default security should prevent the virus from spreading. Example 9-1 shows an excerpt of its source code.

Using VBScript, ...

Get Malicious Mobile Code now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.