August 9th, 2003 02:17 PM
Web page viris. Can it happen?
G,day all, I recently read somewhere that it is now possible to
be infected by viris just by viewing a web page without even clicking on anything.
I can't recall where i read this and i did a search here but found nothing. Is this possible
and can i be protected against it with my up to date antiviris?
Thanks for any info. TidaL.
August 9th, 2003 02:37 PM
yeah it would be possible to encode a binary into a normal web document like a html file.
you could turn java and vb off and you should be ok. or, if you notice that a page takes some time to execute, stop it and check the source (ooh the joys of dialingup if you have broadband this will most likely happen too fast for you to notice.)
also, it is not like someone is going to ``hack`` into google.coms webserver and put some evil code up there for the world to download and execute.
in short, the only place this would get to you is if
1 ) .. you are using an email client which will interpret those "rich" emails. solution, use a different mail client, or use telnet. i like telnet. better yet, write your own little program with filters and warnings etc if you are that paranoid.
2 ) .. you are visiting dogey websites. potentially due to the allure of those really cool (nay, elite) hackweiser graphics. opposed to the content. i'm sure its not the content that puts you in lemming mode. it must be the graphics. solution, don't visit crap "web" ""sites"" like the ones that would be made by little shites that would try to infect their visiters with childish little malware, spyware or whatever
the reason the uptodate AV may be useless is because someone could write something especially for you. therefor the AV software doesn't know that it is a virus (unless of course it does certain things when exectuing)
but, of course, there is more than likely no need for you to worry about this because the internet is not really full of people that target ""users"" on some little network somewhere just to see what is in your email. people who would want to do this sort of thing normally do not have a clue. though exceptions do arise.
Hmm...theres something a little peculiar here. Oh i see what it is! the sentence is talking about itself! do you see that? what do you mean? sentences can\'t talk! No, but they REFER to things, and this one refers directly-unambigeously-unmistakably-to the very sentence which it is!
August 9th, 2003 03:22 PM
i agree with Max as a general rule scripting languages were the prefered methode of attack.
Most of the HTML scripted ie also using Java/VB make use of various vulnerabilities in Windaz. so keep up to date with your win Patches and as Max said.. be aware of the 37337 sites..
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
August 9th, 2003 03:34 PM
I come across some VBS IRC worms when I visit a website several times before and my Norton AntiVirus do detected and stop the worm from loading. If you have a up-to-date antivirus with script blocking and auto-protect mode enabled, I think you will be safe.
Visit http://v4.windowsupdate.microsoft.com/en/default.asp to patch your IE from these vulnerabilities.
August 9th, 2003 03:41 PM
Thanks all. I think i will take that off of the things to learn list.
Now i've only got 2,689,457 more items to go. Great.
Thanks again TidaL.
August 9th, 2003 05:24 PM
I picked up a couple of copies of Trojan.Adclicker when I clicked
on a banner page.
August 9th, 2003 05:36 PM
I believe that the answer is "yes"................I have heard of McAfee and AVG (Grisoft) flagging up infected web pages. I have no details as to whether this was deliberate on the part of the site, or it had just become infected itself.
Also, some sites will try to change your homepage.........if they can do this they have to be able to hit you with a virus?
I have a couple of tutorials in the antivirus section regarding " countermeasures"....you might like to try some of this complementary defensive software.
Anyhow...make sure that you keep your AV up to date.
I do not have a link but there is an outfit called "Finjan" who have a "free" product called "surfinguard" or something like that.....If you are in the habit of surfing on the wildside...you might give it a look
August 10th, 2003 01:03 AM
ActiveX controls allow Web developers to create interactive, dynamic Web pages with lots of functionality but also can be used by an attacker to run code in your system; ActiveX control runs automatically when the page is viewed so it's kind of a serious threath if you dont tweak the security in IE.
I find this software pretty useful when it comes to filter activex, java script, pop ups among others maybe you would like to take a look at it.