Re: Malicious programs that are installed via HTML.
- From: Winged <Winged@xxxxxxxxxxxx>
- Date: Mon, 23 Jan 2006 19:42:59 -0600
Lew wrote:
AIUI, it was not all that long ago when the threat to personal users was attachments that, when executed, compromised machines with keyloggers, trojans, etc.
Now it seems that the big problem is reading a webpage or an HTML e-mail and getting affected through the scripting. My understanding is that the script downloads the malicious program from the web and sets it to run on start up through the start-up folder or in the registry.
I don't know much about this; can someone suggest a good web site to start learning a bit more about these threats? I have googled, but I am not quite sure of the best search terms, and since there is so much information out there, a site that experienced people endorse would be a lot of help.
Thanks.
Lew,
Scripting is one method of code injection to the local host. When code runs on the local machine there is the potential of compromise to the local host. To date there are no scripting languages I am aware of for webpages where an exploit has not existed at one time or another.
Some vulnerabilities do not even require scripts to run, for example the recent WMF vulnerability can execute on viewing the graphic. Another method uses MIME to compromise the mail host.
There is a worm (Nyxem_e) currently making the rounds that executes in MIME (mail) format, no clicking or graphics required.
Every plug-in (such as macromedia, quicktime, media player etc) allows more code types to run within the browser, thereby expanding exploit potential.
Some methods to compromise a system require a series of code to run to break down the system defenses; these are layered threats and have a much higher probability of evading antivirus or other defenses.
I know of no single site that defines all of the methods that might be used to access/compromise a system. New methods are seen almost daily.
Understand that running any untrusted code on the local machine opens the exploit window. Allowing some code varieties (ActiveX comes to mind) is more dangerous (generally) than, for example, JavaScript.
Email clients that allow code to run within the email when opened (Outlook Express) are "generally" more dangerous than clients which do not run scripts.
Typically I do not run scripts of any sort in my browser unless the site I am visiting requires scripts and my need is greater than my concern for security, in which case I allow only the activity required for the site in question and turn off scripting functionalities once they are no longer required. Just because the script is being run from, for example Yahoo, does not mean the code is safe to run. Trust no one.
Downloading files from the net and installing programs, be it games, toolbars or other code, is extremely dangerous unless you are sure of the code source.
Some very good reading can be found in the SANS reading room. SANS does a reasonable job keeping abreast of the compromise du jour (handlers diary). The SANS site is: http://isc.sans.org/ (note link to reading room on top menu on page)
Looking at vulnerabilities in commercial/production software I frequently use http://secunia.com/
Both these sites support RSS, which is useful to stay apprised of on-going threats on a regular basis.
http://www.eff.org/ has a number of topics that are good reading. While this is not generally considered a "computer" site, they have a number of articles and papers that address various threats.
This is a start, I am curious to see other folks advice on your question. I hope to find a good single answer.
Winged
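Lew's description of the infection chain (a script fetches a program, then makes it run at start-up via the Startup folder or the registry) points at where to look for it afterwards. The following is an added example for this thread, not code from either post: a small Python checker that reads a saved `reg export` of the HKCU Run key plus a Startup-folder listing and flags the entries that look like dropped malware. Both inputs are constructed samples (the `updater`, `Helper` and `photo.jpg.scr` entries are made up for the illustration), and the heuristics (script hosts as the autorun program, paths under AppData/Temp, system process names outside the Windows directory, risky or doubled extensions) are my own, not a published detection rule.

```python
"""Flag suspicious autorun persistence in a .reg export and a Startup-folder listing.

Added example for the thread; inputs below are constructed samples, not real data.
"""
import re

# Constructed sample of `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run`
# (kept as UTF-8 here; a real export is UTF-16LE with a BOM, decode it first).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"updater"="C:\\Users\\lew\\AppData\\Local\\Temp\\svchost.exe"
"Helper"="wscript.exe //B \"C:\\Users\\lew\\AppData\\Roaming\\helper.vbs\""
'''

# Constructed Startup-folder listing, as `dir` would show it.
SAMPLE_STARTUP = ["desktop.ini", "Send to OneNote.lnk", "photo.jpg.scr"]

# Illustrative heuristics (assumptions of this example, not a published rule set).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe",
                "cmd.exe", "rundll32.exe", "regsvr32.exe"}
USER_WRITABLE = re.compile(r"\\(appdata|temp|tmp|downloads|public)\\", re.I)
SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "explorer.exe"}
RISKY_EXT = {".exe", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".hta"}
DECOY_EXT = {".jpg", ".gif", ".pdf", ".doc", ".txt"}

_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')


def unescape_reg(data):
    """Undo .reg escaping: \\ -> \ and \" -> " ."""
    return re.sub(r'\\(["\\])', r'\1', data)


def first_token(command):
    """Return the program part of a Run-key command, quoted or bare."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def parse_run_values(reg_text):
    """Yield (key, value_name, command) for each REG_SZ value in a .reg export."""
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('"'):
            m = _VALUE_RE.match(line)
            if m:
                yield key, m.group("name"), unescape_reg(m.group("data"))


def assess_command(command):
    """Return the reasons (possibly none) a Run-key command looks like dropped malware."""
    program = first_token(command)
    base = program.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    reasons = []
    if base in SCRIPT_HOSTS:
        reasons.append("script host / LOLBin as the autorun program")
    if USER_WRITABLE.search(command):
        reasons.append("points into a user-writable directory")
    if base in SYSTEM_NAMES and "\\windows\\" not in program.lower():
        reasons.append("system process name outside the Windows directory")
    return reasons


def assess_startup_name(filename):
    """Return the reasons (possibly none) a Startup-folder file name looks suspicious."""
    parts = filename.lower().split(".")
    reasons = []
    if len(parts) > 1 and "." + parts[-1] in RISKY_EXT:
        reasons.append("directly executable file in the Startup folder")
    if len(parts) > 2 and "." + parts[-2] in DECOY_EXT:
        reasons.append("double extension masquerading as a document or image")
    return reasons


def scan(reg_text, startup_names):
    """Return (where, name, command, reasons) for suspicious entries only, in input order."""
    findings = []
    for key, name, command in parse_run_values(reg_text):
        reasons = assess_command(command)
        if reasons:
            findings.append((key, name, command, reasons))
    for fname in startup_names:
        reasons = assess_startup_name(fname)
        if reasons:
            findings.append(("Startup folder", fname, fname, reasons))
    return findings


if __name__ == "__main__":
    for where, name, command, reasons in scan(SAMPLE_REG, SAMPLE_STARTUP):
        print(f"[{where}] {name}: {command}\n    " + "; ".join(reasons))
```

Run it against a real export with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` (and the HKLM Run/RunOnce keys), decoding the file from UTF-16 before passing it to `scan`; it reads a saved export rather than the live registry, so it can be run from another machine. Shortcuts (`.lnk`) in the Startup folder are not resolved here, and a dropper that names its file plausibly and puts it under Program Files will pass these checks, which is why the heuristics are a triage aid and not a verdict.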