Examples of Attacks and Exploits
Most attacks and exploits fall into the following categories:
Viruses and Trojans
Browser component exploits
Redirection exploits
Application interactions
Privacy invasions
With so much history to choose from, I tried to choose examples that would demonstrate the extent of the problem.
Viruses and Trojans
Pure HTML viruses have largely not been successful in causing widespread computer damage. HTML isn’t a language built to create objects or access the local system without a little bit of help. HTML viruses containing VBScript, JavaScript, and scripted calls to ActiveX objects have been slightly more successful, but still aren’t a large threat when coming over the Web. An HTML virus can be downloaded from a web site, but it will not be executed against the user’s local system unless saved and launched locally. And even then a browser’s security warnings have to be ignored. If allowed to run, an HTML virus can infect other HTML files on the local system. Since most client computers don’t act as web servers or send HTML files to others, HTML’s ability to spread beyond the local machine is muted.
HTML.Internal
HTML.Internal
,
written as a demonstration, was one of the first HTML viruses. It
will only work on browsers that handle VBScript and ActiveX. That
effectively limits it to Internet Explorer, versions 4.0 and above.
And even then, default security should prevent the virus from
spreading. Example 9-1 shows an excerpt of its
source code.
Using VBScript, ...
Get Malicious Mobile Code now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.