Malicious JavaScript code,

[Noone Here]

AIUI, it was not all that long ago when the threat to personal users,
was attachments that when executed compromised machines with keyloggers,
trojans, etc.

Now it seems that the big problem is reading a webpage or an HTML e-mail
and getting affected through the scripting. My understanding is that
the script downloads the malicious program from the web and sets it to
run on start up through the start-up folder or in the registry.

I don't know much about this; can someone suggest a good web site to
start learning a bit more about these threats. I have googled, but I am
not quire sure of the best search terms, and since there is so much
information out there, a site that experienced people endorse would be a
lot of help.

In particular, it seems as if JavaScript dowloading a trojran without
the user clicking an attachment is a big problem.

Thanks.

 

[cwdjrxyz]

AIUI, it was not all that long ago when the threat to personal users,
was attachments that when executed compromised machines with keyloggers,
trojans, etc.

Now it seems that the big problem is reading a webpage or an HTML e-mail
and getting affected through the scripting. My understanding is that
the script downloads the malicious program from the web and sets it to
run on start up through the start-up folder or in the registry.

I don't know much about this; can someone suggest a good web site to
start learning a bit more about these threats. I have googled, but I am
not quire sure of the best search terms, and since there is so much
information out there, a site that experienced people endorse would be a
lot of help.

In particular, it seems as if JavaScript dowloading a trojran without
the user clicking an attachment is a big problem.

Using javascript is just one of many ways of writing codes that will
cause computers serious problems. Others include ActiveX, and just
corrupted images with bad code hidden in them. At one time you could
avoid bad sites and not open unknown email, and you usually would not
get infected.For some time now there have been bugs that will infect
you just if you sign onto the web. Especially if you have a Windows OS,
you must take all Microsoft critical updates, have good virus
protection, have a good firewall, and keep them all updated. Else you
most likely will be infected soon. Some of the anti virus programs have
links that will allow you to find what new bugs are out there and will
describe an old bug for which you have found a name.

 

[Hywel Jenkins]

Using javascript is just one of many ways of writing codes that will
cause computers serious problems. Others include ActiveX, and just
corrupted images with bad code hidden in them. At one time you could
avoid bad sites and not open unknown email, and you usually would not
get infected.For some time now there have been bugs that will infect
you just if you sign onto the web. Especially if you have a Windows OS,
you must take all Microsoft critical updates, have good virus
protection, have a good firewall, and keep them all updated. Else you
most likely will be infected soon. Some of the anti virus programs have
links that will allow you to find what new bugs are out there and will
describe an old bug for which you have found a name.

Feel free to go in to some detail about how JavaScript "will cause
serious problems". Also give some detail on how "just sign[ing] onto
the web" will cause infection.

 

[Randy Webb]

cwdjrxyz said the following on 1/27/2006 6:05 PM:

Using javascript is just one of many ways of writing codes that will
cause computers serious problems. Others include ActiveX, and just
corrupted images with bad code hidden in them. At one time you could
avoid bad sites and not open unknown email, and you usually would not
get infected.For some time now there have been bugs that will infect
you just if you sign onto the web.

I am like Hywel on this one. I would like to see some examples, or an
explanation, of your claims that JS "will cause" (not "can" cause)
serious problems. And as well as "just signing onto the web" can infect
my PC.

 

[cwdjrxyz]

Feel free to go in to some detail about how JavaScript "will cause
serious problems".

A very early JS exploit used script to open the Netscape home page in
windows without limit. It also wrote "Crashing" in the status bar, and
the computer crashed. This is a very simple bug by today's standards.
Rather than playing child-like pranks such as the above, the modern
hacker may not want you to know your computer is infected. He or she
may be more interested in making your computer a zombie to send out
spam email or to obtain your personal information such as various
account numbers.

Also give some detail on how "just sign[ing] onto
the web" will cause infection.

McAfee features a different bug on their security center home page
every few days. Here is one of their descriptions:

"W32/IRCbot.worm! is a medium risk worm for home users. You can be
infected simply by going online. Once infected, your computer may
restart continuously."

If you follow a McAfee link to a more detailed description of the worm,
you find in part:

"This threat scans for MS05-039 exploitable systems. When a vulnerable
system is found, it uses a buffer overflow to write the worm file to
that machine via a TFTP upload on port 8594. Blocking this port via
McAfee Desktop Firewall or McAfee Personal Firewall will prevent
infection even if the buffer overflow is not prevented."

Few of us have the time or interest to keep up with the details of the
several new important bugs discovered nearly every week. If there were
no more bugs, likely hundreds of people working at security companies
and Microsoft would be looking for new jobs. I have both my security
programs and Microsoft update set to update automatically so that I do
not have to check for new updates very often. You also need to pay
attention to the security program icon on your desktop. For example
mine is red if it is working and black if it is not.

 

[Thomas 'PointedEars' Lahn]

Using javascript is just one of many ways of writing codes that will
cause computers serious problems. Others include ActiveX, and just
corrupted images with bad code hidden in them.

ActiveX does not run in my Mozilla/Firefox, neither in Linux nor in
Windows. And on Linux, ActiveX does not run in any other UA, too.

At one time you could avoid bad sites and not open unknown email, and
you usually would not get infected. For some time now there have been
bugs that will infect you just if you sign onto the web.

Probably you mean security leaks exploited to infect computers that have
merely established an Internet connection, which is not the same.

Especially if you have a Windows OS, you must take all Microsoft critical
updates, have good virus protection,

The (sad) truth is that no virus protection can be good enough. Vendors of
anti-virus software cannot be faster than the thousands of malicious people
writing malicious software. You could be the one that discovers your
system being infected with the brand-new virus nobody knows about. Of
course vendors of anti-virus software do not tell you this, they want to
make money. Your money.

have a good firewall,

Utter nonsense. A firewall, may it be just snake-oil software ("desktop
firewall") or a real one (that is, a security concept including a network
packet filter), cannot protect you from yourself, allowing your system to
be compromised by running inherently insecure software and clicking on
everything that cannot fight back. Of course vendors of so-called "desktop
firewalls" do not tell you this, they want to make (your) money one way
(you buying their snake oil and feeling protected while you are not at all)
or the other (you providing them with potentially valuable information
without knowing it).

<URL:http://www.interhack.net/pubs/fwfaq/>

Again, what is the right thing to do is not to use inherently insecure
software (that includes inherently insecure operating systems), or
configure the system as secure as possible if the former is not
possible, and to develop a common sense for secure use of computers.

<URL:http://www.ntsvcfg.de/linkblock_eng.html>


HTH

PointedEars

 

[cwdjrxyz]

Using javascript is just one of many ways of writing codes that will
cause computers serious problems. Others include ActiveX, and just
corrupted images with bad code hidden in them. At one time you could
avoid bad sites and not open unknown email, and you usually would not
get infected.For some time now there have been bugs that will infect
you just if you sign onto the web. Especially if you have a Windows OS,
you must take all Microsoft critical updates, have good virus
protection, have a good firewall, and keep them all updated. Else you
most likely will be infected soon. Some of the anti virus programs have
links that will allow you to find what new bugs are out there and will
describe an old bug for which you have found a name.

You can of course reduce your chances for infection by using one of the
lesser used OSs rather than Windows. Many of these are more difficult
to hack than the XP, but also the XP is a favorite target of hackers
because they can infect a larger number of of computers that way.
Unfortunately many of us must use a Windows OS, because many important
media and other programs do not have versions for other OSs. If you are
working with professional media programs, fortunately many of these
have Mac as well as Windows versions. Many of the media professionals
love Mac for their work. Macs have been hacked, but not nearly as much
as Windows.

I should mention that ActiveX usually is found only on Microsoft OSs,
browsers, and their close relatives such as MSN9. However there have
been downloads available for Firefox, Mozilla, and Netscape to support
ActiveX for the Windows Media Player only. The reason is that some
write media pages using only ActiveX support. This limited use of
ActiveX for the WMP only is likely much safer than full ActiveX
support. Opera seems to have found some indirect way to support media
for the WMP written using ActiveX code only. I have no idea how they do
this, but it is extremely unlikely that they use ActiveX for anything
on their browser. Of course, if one wishes to live dangerously, you can
locate full ActiveX plugins for many browsers.

I should add that spyware, malware, scumware, or whatever you choose to
call it has become a big problem. If you have a Windows OS, you can
download a spyware protection program for free.But they check your
computer to make sure you have an official Windows OS, and if not you
get no download.

Of course it still pays to be careful. Stay away from doubtful sites,
use an email service or agent that scans for problems, etc. I have
never used Outlook/Outlook Express. I use the Yahoo mail service
provided by my isp SBC/Yahoo DSL, but free Yahoo mail is available to
everyone. They will not open any attachment for you until it is scanned
for a virus. I open all of my domain mail at Yahoo mail as pop mail. As
in most things in life, nothing is certain. You could be the first on
the block to get a new bug before updates for it are available in
protection programs. However, especially if you use a Windows OS, you
can greatly reduce the odds if you have good protection programs as
well as use caution about what you view or open.

Even on a Windows OS browser, you likely can reduce your chances for
infection by using a browser other than IE when online. I usually use
Opera or Firefox, but you still have to use IE to view some sites
properly. I have Opera set for very high security and use it for
questionable sites. It asks for you to accept or refuse all cookies of
any type a site my try to plant on your computer. I have seen sites for
which you have to refuse cookies 20 times, and some sites will not let
you in without cookies.

 

[Lee]

cwdjrxyz said:

A very early JS exploit used script to open the Netscape home page in
windows without limit.

Very early. What does that have to do with how Javascript "will cause
serious problems"?

 

[Randy Webb]

cwdjrxyz said the following on 1/27/2006 9:29 PM:

A very early JS exploit used script to open the Netscape home page in
windows without limit.

Trivial to do actually even now without a pop up blocker and considering
that even IE comes with one by default (enabled no less) its not a
concern anymore. But for kicks and giggles, you can disable yours and
execute this script for fun:

<script type="text/javascript">
while (1){window.open('www.netscape.com')}
</script>

And anybody that surfs the web without a pop up blocker deserves what
that script snippet will do.

It also wrote "Crashing" in the status bar, and the computer crashed.

Repeatedly opening new windows causes that to happen......

This is a very simple bug by today's standards.

It wasn't a "bug" then and it's not a "bug" now. It was an exploitation
of user's ignorance about pop ups and the lack of a decent pop up blocker.

Rather than playing child-like pranks such as the above, the modern
hacker may not want you to know your computer is infected.

And I will ask *again*. Post some JavaScript code that will "infect" my
computer. I want to see it.

He or she may be more interested in making your computer a zombie to send out
spam email or to obtain your personal information such as various account numbers.

Again, post some code. And, post code that will cause *my* PC to
repeatedly send out emails. Go on, try it.

Also give some detail on how "just sign[ing] onto
the web" will cause infection.

McAfee features a different bug on their security center home page
every few days. Here is one of their descriptions:

Anybody dumb enough to buy into McAfee's marketing hype deserves to pay
for the product that McAfee is selling. Do you actually expect to open a
website that sells an anti-virus product and not read how you should
have it?

"W32/IRCbot.worm! is a medium risk worm for home users. You can be
infected simply by going online. Once infected, your computer may
restart continuously."

Thats ignorance on the users part.

If you follow a McAfee link to a more detailed description of the worm,
you find in part:

"This threat scans for MS05-039 exploitable systems. When a vulnerable
system is found, it uses a buffer overflow to write the worm file to
that machine via a TFTP upload on port 8594. Blocking this port via
McAfee Desktop Firewall or McAfee Personal Firewall will prevent
infection even if the buffer overflow is not prevented."

The only thing being exploited there is peoples fear. And the ones doing
the exploiting are McAfee.

Few of us have the time or interest to keep up with the details of the
several new important bugs discovered nearly every week.

And some of us, myself being the first one to say so, don't care about
the details of new "important bugs" discovered. When MS updates the OS,
I update it. I have no need to try to track it myself.

If there were no more bugs, likely hundreds of people working at
security companies and Microsoft would be looking for new jobs.

And as long as that stays true, there will always be people trying to
keep a job by telling you to buy the product they are selling.

I have both my security programs and Microsoft update set to update
automatically so that I do not have to check for new updates very often.

Smart move.

You also need to pay attention to the security program icon on your desktop.

What "security icon"? You mean the one I told the day I got WinXP to
shut up and let me handle my own PC? I disabled that piece of crap long ago.

For example mine is red if it is working and black if it is not.

Then it should stay black all the time......

 

[cwdjrxyz]

cwdjrxyz said:

Very early. What does that have to do with how Javascript "will cause
serious problems"?

A virus that crashes a computer is a serious problem to me, but
everyone may have a different threshold for what is serious. Of course
this virus is seldom met anymore. I gave it as an example of a pure JS
virus rather than a modern one that often mixes several types of code.
However someone at a software company put it in a code for a free html
editor, apparently a former employee, as a prank. The software company
did not bother to remove it for years. Thus many people had their
antivirus program detect it when they downloaded the program. I believe
the virus was put in the program in a form that would do no harm,
except set off virus detection programs. This subject kept coming up in
NGs for many years.

Many modern viruses and worms use a combination of various codes, of
which javascript often is a part, and the problems caused by some of
these can be quite severe. You can find a huge number of references to
these on Google at
http://www.google.com/search?as_q=j...as_dt=i&as_sitesearch=&as_rights=&safe=images

. If this very long URL fails, just use advanced search, require virus
or worm, and require javascript. Javascript is very much alive and well
in many recent bugs.

 

[Randy Webb]

cwdjrxyz said the following on 1/28/2006 3:58 AM:

. If this very long URL fails, just use advanced search, require virus
or worm, and require javascript. Javascript is very much alive and well
in many recent bugs.

There are 20,500,000 hits for Driving and Virus OR Worm so you better
stop driving or your computer will get infected! Its true! I read it in
Google......

<URL:
http://www.google.com/search?as_q=d...as_dt=i&as_sitesearch=&as_rights=&safe=images>

 

[cwdjrxyz]

cwdjrxyz said the following on 1/28/2006 1:50 AM:

Do you work for a security company or an anti-virus company? It has to
be one of the two to come up with the kind of arguments you did (none of
which are true).

No, I do not work for a security or anti-virus company. You are
entitled to your opinion about what is true. However I suspect that
many would argue with this conclusion, especially for those who use
Windows XP without protective programs. I think that even Microsoft
will suggest protective programs on computers that use Windows OSs, and
they are not a big player in the security market - at least not yet.
The XP does provide a one way firewall, and I doubt if Microsoft went
to the expense to put this in if they did not think it was needed -at
least for average computer users. If you want a 2 way firewall, you
have to obtain it elsewhere. Or if you are on broadband and use a
router with firewall protection, as often is the case, the issue
concerning a firewall on the computer itself becomes moot.

The best defense against being infected? Knowledge. Knowledge of how
your computer works (at least a basic understanding) and a basic
knowledge of how the web works. Now you can be safe.

The world is seldom ideal, and people who post to this and other
technical NGs likely know far more about computers than the average
computer owner. Also several family members may use the same computer,
and some may not know much about it. My impression is that many PC
owners now just consider it as another household appliance, expect it
to work well out of the box, and are not going to be bothered with much
upkeep. At least in the US, many computers are replaced when they
become very slow because of infection with multiple viruses and worms
or other technical issues, even though they often could be easily fixed
if the owner did just a little research, or perhaps asked a neighbor
teen computer geek to take a look.They could care less about how the
computer works. As long as it does email, allows them to use their bank
etc, and allows them to order goods, they are happy. Some, especially
those who live alone, are into chat.

Even my mother knows how to keep from getting her computer infected. She
has no firewall and no anti-virus program but she has the Knowledge to
know how to stay safe.

I have no idea what OS and browser your mother's computer uses. I have
know people who have an older Mac who have no protection and are not
especially careful, but who have never had problems, because there are
far fewer viruses and worms aimed at these older Macs. However you
mother has a son who is quite knowledgable about computers . For all
I know, your mother could be a computer engineer. However not all
mothers are especially careful when using a computer or have sons who
are knowledgable. Of course some mothers think mother-knows-best and
what you say to them goes in one ear and out the other.

 

[Eric B. Bednarz]

XP is a favorite target of hackers

I never noticed that. Competent hackers even seem to be notoriously
uninterested; sad, isn't it.

Macs have been hacked

That would be successfully getting rid of HFS+, I believe. *Please*
share (wherever it would be on topic, surely not here).

 

[VK]

AIUI, it was not all that long ago when the threat to personal users,
was attachments that when executed compromised machines with keyloggers,
trojans, etc.

Now it seems that the big problem is reading a webpage or an HTML e-mail
and getting affected through the scripting. My understanding is that
the script downloads the malicious program from the web and sets it to
run on start up through the start-up folder or in the registry.

I don't know much about this; can someone suggest a good web site to
start learning a bit more about these threats. I have googled, but I am
not quire sure of the best search terms, and since there is so much
information out there, a site that experienced people endorse would be a
lot of help.

In particular, it seems as if JavaScript dowloading a trojran without
the user clicking an attachment is a big problem.

Such questions are better to be posted/answered at astalavista.com and
so.
Briefly and plainly: JavaScript by itself can do *nothing* to your
computer because it doesn't provide access to any system resources. The
best achievement within JavaScript itself would be some
systemwise-harmless nastiness like:
while (true) {
alert("I'm cool hacker Joe!");
} //

JavaScript though can be used to unitiate host objects with system
access (DOM / ActiveX / XPConnect). This aspect is really out of
JavaScript responsability and depends of how wise the relevant object
have been written. For example IE 6.0 has a by-design hole in one
module allowing to infect the system in seconds even with *any
anti-virus software installed*. This hole was finally fixed only in IE
on XP SP2 or higher. On any lower versions your only protection is do
not go to any suspitious places. And this exploit also doesn't depend
on JScript enabled or not - only on <object> activation.

Does JavaScript / JScript disabled gurantees safe browsing? Not at all.
If say you're using Windows higher then Win98, you are vulnerable to
port attacks and you have to have personal firewall installed (or sit
behind a corporate one). Otherwise you even do not need to launch your
prowser - Internet connection itself is enough to be infected if your
computer is found by port spiders.

Does JavaScript / JScript disabled removes some possible
vulnerabilities? Yes it does, but only smaller part of them.

1) Antivirus with regular update subscription
2) Firewall
3) All producer recommended updates for your OS
4) Latest producer recommended version of your preffered browser
5) A regular cautioness with files received from the Web

There are some money and efforts required to invest from the *customer
side* and it is much more (as you can see) than click some "disabled"
button.

IMHO

 

[Thomas 'PointedEars' Lahn]

Keeping ports in stealth mode is pretty basic, IMO.

^^^^^^^^^^^^^^^^^^^^^
Please get informed about TCP.


PointedEars

 

[Hywel Jenkins]

A virus that crashes a computer is a serious problem to me, but
everyone may have a different threshold for what is serious. Of course
this virus is seldom met anymore. I gave it as an example of a pure JS
virus

It wasn't a virus, dumb-ass.

 

[Hywel Jenkins]

No, I do not work for a security or anti-virus company. You are
entitled to your opinion about what is true. However I suspect that
many would argue with this conclusion, especially for those who use
Windows XP without protective programs. I think that even Microsoft
will suggest protective programs on computers that use Windows OSs, and
they are not a big player in the security market - at least not yet.
The XP does provide a one way firewall

It has two-way functionality.

I have no idea what OS and browser your mother's computer uses. I have
know people who have an older Mac who have no protection and are not
especially careful, but who have never had problems, because there are
far fewer viruses and worms aimed at these older Macs.

Myth.

 

[Jeff North]

| cwdjrxyz said the following on 1/28/2006 1:50 AM:
| > cwdjrxyz wrote:
|
| <snip>
|
| Do you work for a security company or an anti-virus company? It has to
| be one of the two to come up with the kind of arguments you did (none of
| which are true).
|
| The best defense against being infected? Knowledge. Knowledge of how
| your computer works (at least a basic understanding) and a basic
| knowledge of how the web works. Now you can be safe.
|
| Even my mother knows how to keep from getting her computer infected. She
| has no firewall and no anti-virus program but she has the Knowledge to
| know how to stay safe.

My experience (take it for what it is worth).
I have cable connection.
I was rebuilding my machine after a crash.
I formatted the hard drive and re-installed the OS.
I left the cable connection as the setup would've detected this and
configured it for me.
After the OS was installed I then installed the AV app.
It reported 5 virii - all because I had a connection to the internet.

 

[cwdjrxyz]

Y> > The XP does provide a one way firewall

It has two-way functionality.

You may be right, but see
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx
for details about the Microsoft firewall included with the XP, post
sp2. It makes mention that there firewall can block incoming attempts
to connect to ports, etc. It does not mention that it will block
outgoing attempts by your computer to connect to somewhere, which is
the second leg of a 2 way firewall. On the 2 way firewall I use, I can
even block a browser so it can not get out. This feature is useful for
a few programs that do not need to be on the web when you use them. A
few programs report back various things that some might consider an
invasion of privacy. I do not use the Microsoft firewall, but rather
another one that is 2 way, keeps detailed logs of all attempts to
connect, and allows you to easily trace the source of attempts. Such
attempts to find open ports happen all of the time from all over the
world, but especially from a few far Eastern countries.

It is interesting that Microsoft, in the reference given, also suggests
use of anti-virus software when using the XP and gives a link to
considerations for selection of such software.

Again, you could be right. Microsoft has so many updates for the XP
that it is difficult to keep track of just what each update does. It
would not surprise me if they made modifications in their firewall, and
since I use another firewall, I would never notice such a possible
change.

This thread has grown into a rather long, now off topic, monster. This
sometimes happens over weekends when there are not many questions
concerning script to answer. Hopefully there will be more posts more
directly concerned with script soon.

 

[Hywel Jenkins]

My experience (take it for what it is worth).
I have cable connection.
I was rebuilding my machine after a crash.
I formatted the hard drive and re-installed the OS.
I left the cable connection as the setup would've detected this and
configured it for me.
After the OS was installed I then installed the AV app.
It reported 5 virii - all because I had a connection to the internet.

Rubbish. They're false positives, or your set-up is not "authentic".