Web page viris. Can it happen?
Results 1 to 8 of 8

Thread: Web page viris. Can it happen?

  1. #1
    Banned
    Join Date
    Jul 2003
    Posts
    374

    Question Web page viris. Can it happen?

    G,day all, I recently read somewhere that it is now possible to
    be infected by viris just by viewing a web page without even clicking on anything.
    I can't recall where i read this and i did a search here but found nothing. Is this possible
    and can i be protected against it with my up to date antiviris?

    Thanks for any info. TidaL.

  2. #2
    Senior Member
    Join Date
    Jun 2002
    Posts
    394
    yeah it would be possible to encode a binary into a normal web document like a html file.

    but you would need javascript or vbscript and possible some other controls to actually execute it.

    you could turn java and vb off and you should be ok. or, if you notice that a page takes some time to execute, stop it and check the source (ooh the joys of dialingup if you have broadband this will most likely happen too fast for you to notice.)

    also, it is not like someone is going to ``hack`` into google.coms webserver and put some evil code up there for the world to download and execute.

    in short, the only place this would get to you is if

    1 ) .. you are using an email client which will interpret those "rich" emails. solution, use a different mail client, or use telnet. i like telnet. better yet, write your own little program with filters and warnings etc if you are that paranoid.

    2 ) .. you are visiting dogey websites. potentially due to the allure of those really cool (nay, elite) hackweiser graphics. opposed to the content. i'm sure its not the content that puts you in lemming mode. it must be the graphics. solution, don't visit crap "web" ""sites"" like the ones that would be made by little shites that would try to infect their visiters with childish little malware, spyware or whatever

    the reason the uptodate AV may be useless is because someone could write something especially for you. therefor the AV software doesn't know that it is a virus (unless of course it does certain things when exectuing)

    but, of course, there is more than likely no need for you to worry about this because the internet is not really full of people that target ""users"" on some little network somewhere just to see what is in your email. people who would want to do this sort of thing normally do not have a clue. though exceptions do arise.
    Hmm...theres something a little peculiar here. Oh i see what it is! the sentence is talking about itself! do you see that? what do you mean? sentences can\'t talk! No, but they REFER to things, and this one refers directly-unambigeously-unmistakably-to the very sentence which it is!

  3. #3
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Hi TidaLphasE23,

    i agree with Max as a general rule scripting languages were the prefered methode of attack.
    Most of the HTML scripted ie also using Java/VB make use of various vulnerabilities in Windaz. so keep up to date with your win Patches and as Max said.. be aware of the 37337 sites..

    Cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  4. #4
    Senior Member Falcon21's Avatar
    Join Date
    Dec 2002
    Location
    Singapore
    Posts
    252
    I come across some VBS IRC worms when I visit a website several times before and my Norton AntiVirus do detected and stop the worm from loading. If you have a up-to-date antivirus with script blocking and auto-protect mode enabled, I think you will be safe.
    Visit http://v4.windowsupdate.microsoft.com/en/default.asp to patch your IE from these vulnerabilities.


  5. #5
    Banned
    Join Date
    Jul 2003
    Posts
    374

    Thumbs up

    Thanks all. I think i will take that off of the things to learn list.
    Now i've only got 2,689,457 more items to go. Great.


    Thanks again TidaL.

  6. #6
    Senior Member
    Join Date
    Feb 2002
    Posts
    253
    I picked up a couple of copies of Trojan.Adclicker when I clicked
    on a banner page.

  7. #7
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    I believe that the answer is "yes"................I have heard of McAfee and AVG (Grisoft) flagging up infected web pages. I have no details as to whether this was deliberate on the part of the site, or it had just become infected itself.

    Also, some sites will try to change your homepage.........if they can do this they have to be able to hit you with a virus?

    I have a couple of tutorials in the antivirus section regarding " countermeasures"....you might like to try some of this complementary defensive software.

    Anyhow...make sure that you keep your AV up to date.

    I do not have a link but there is an outfit called "Finjan" who have a "free" product called "surfinguard" or something like that.....If you are in the habit of surfing on the wildside...you might give it a look

    Be safe

  8. #8
    Member
    Join Date
    Dec 2002
    Posts
    64
    ActiveX controls allow Web developers to create interactive, dynamic Web pages with lots of functionality but also can be used by an attacker to run code in your system; ActiveX control runs automatically when the page is viewed so it's kind of a serious threath if you dont tweak the security in IE.

    I find this software pretty useful when it comes to filter activex, java script, pop ups among others maybe you would like to take a look at it.
    http://www.popupcop.com/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides