[ISN] HTML Virus Harmless -- So Far

From: mea culpa (jerichoat_private)
Date: Wed Nov 11 1998 - 02:02:04 PST

  • Next message: mea culpa: "[ISN] Internet 'a threat to privacy'"

      This message is in MIME format.  The first part should be readable text,
      while the remaining parts are likely unreadable without MIME-aware tools.
      Send mail to mimeat_private for more info.
    Content-Type: TEXT/PLAIN; CHARSET=us-ascii
    Content-ID: <Pine.SUN.3.96.981111030126.2832uat_private>
    HTML Virus Harmless -- So Far
    By Andy Patrizio, TechWeb
    Nov 10, 1998 (2:12 PM)
    URL: http://www.techweb.com/wire/story/TWB19981110S0018
    The latest -- and potentially most dangerous -- threat to Internet users
    is a Web-based virus that enters computers just by visiting a Web page. 
    HTML.Internal -- as it has been dubbed by Central Command, the antivirus
    distributor that found it -- is said to do no harm. But, the company said,
    it could lead to serious problems. 
    "Unfortunately, this technology can be exploited, and once it gets on your
    computer, it can modify anything at that point," said Keith Peer,
    president of Central Command, the U.S. distributor of AntiViral Toolkit
    Pro. "It can change settings on your PC, read/write files, or drop scripts
    onto your computer." 
    Peer said source code for HTML.Internal has already been posted on the
    Internet and undoubtedly will be used for some malicious purpose in the
    HTML.Internal works with only Microsoft Internet Explorer and Internet
    Information Server on the back end. In an all-Netscape environment, users
    are safe from the ill effects of the virus, said Peer. 
    When users first visit a site with HTML.Internal sitting on the server, it
    calls VBScript -- the Visual Basic scripting language -- to search their
    local hard drives for all files with .HTM and .HTML extensions. 
    When users load one of the infected HTML pages, the status bar at the top
    of the screen will read "HTML.Prepend /1nternal." 
    This can be avoided by keeping IE's security at Medium at the very least
    because it will warn users that HTML.Internal is searching through their
    hard drive and trying to modify files. 
    Because of this, Peer doesn't consider HTML.Internal a virus but an
    "exploit," which means it takes advantage of how IE works. It also takes
    advantage of users who let their security down. 
    Despite all the viruses on the loose, users shouldn't become
    hypochondriacs, said a member of the Computer Emergency Response Team
    (CERT), which handles virus and security-related issues. Back Orifice, the
    Windows intrusion tool that garnered so much attention earlier this year,
    has thus far shown its bark is worse than its bite. 
    "In all of the reports we've gotten, Back Orifice only accounted for 2
    percent of incidents," said Shawn Hernan, a member of the CERT technical
    staff and leader of the vulnerability-handling group. "So, perception for
    Back Orifice might be a lot larger than reality," he said. 
    End users should use the security in their browsers because it was put
    there for a reason, Hernan said. 
    "The Internet was founded on a culture of trust and openness, and that's
    sort of carried on into its maturity," he said. "But there are bad people
    on the Internet who want to do bad things, just like there are in real
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:10:50 PDT