hwg-languages archives May 2000 new search results previous next

Re: Could this virus exploit end up embedded ...

by "Cyanide _7" <leo7278(at)hotmail.com>

 Date:  Sun, 07 May 2000 20:48:27 CDT
 To:  kathyw(at)home.albury.net.au
 Cc:  hwg-languages(at)hwg.org
  todo: View Thread, Original 
im inclined to say that the vbs (as i recieved it) seems to be a server-side 
script. also, i'd imagine that the script would *have* to be executed localy 
in order to modify the client machine. it is run by (at least on my machine) 
either c:\windows\WScript.exe or c:\windows\CScript.exe (Windows Scripting 
Host). so as far as such a malicous script being embedded in a web page, i 
seriously doubt it! no server-side scripting language i know has permission 
to edit the regestry! hope this helps. - Cyanide_7

PS: the script itself does damage to jpgs and mp3s and remails with the 
outlook address book, but it also downloads an executable which i believe is 
responsible for a majority of the system damage. im not speaking from 
personal experience, but i played with the source for a while.


>... in a web page?
>
>Being one who has avoided m$ proprietary formats for a looooong time, I 
>don't
>know enough about how they work/can be used to say yay or nay but could 
>this
>recent vbx (or is it vbs - I hear conflicting reports) script end up 
>embedded in
>web pages, and if so, would it only affect browsers that supported vbx/s 
>(IE and
>it's 'clones')?
>
>Javascript is heavilly sand-boxed, as is java (my two preferred 
>technologies).
>If vbx/s could be so exploited/exploitable, how has this situation been 
>allowed
>to develop? Every time a new javascript or java exploit is found it gets 
>jumped
>on and plugged up big time.
>
>Anyway, what I'd really like to know is
>a) does the risk exist that the latest round of exploits are 
>possible/likely to
>end up embedded in web pages and if so
>b) who or what software is at risk and
>c) can this type of scripting be turned off without disabling javascript as
>well in those browsers?
>
>KathyW.
>
>Red Hat Linux 6.1 (kernel 2.2.14)
>Sun JDK1.2.2
>PolarBarMailer16b (beta/alpha ... what the heck, I like it ;-)

________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

HWG: hwg-languages mailing list archives, maintained by Webmasters @ IWA