From: believer@telepath.com Subject: IP: WiredNews: Virus Thrives on HTML Date: Thu, 12 Nov 1998 09:46:31 -0600 To: believer@telepath.com Source: Wired News http://www.wired.com/news/news/technology/story/16206.html Virus Thrives on HTML by Chris Oakes 5:53 p.m.11.Nov.98.PST An old computer invader has found a new place to thrive. A virus-monitoring group this week posted a computer virus -- called "html.internal" -- that is the first to replicate itself through hypertext markup language, or HTML, the code that defines the common Web page. "Looks like the virus crowd has finally discovered the Internet," said Richard Smith of Phar Lap Software. "HTML pages are extremely mobile.... They're intended to be given out." Other observers point out the demonstration virus requires specific Windows scripting software to carry out its task. They maintain that the virus, therefore, exposes the vulnerability of the secondary software, VisualBasic Script, not plain vanilla Web pages. "It draws attention to the power that's available to the VBScript programmer," said Jimmy Kuo, director of antivirus research at Network Associates. A computer virus typically spreads through shared files, such as word processing documents or email attachments. It most often consists of a program or piece of code that runs invisibly on any computer it manages to infect. Like any virus, it replicates itself. That replication can be threatening in itself if the virus is large, since it will quickly fill a computer's memory and cause a crash. Viruses once depended mainly on floppy disks for their travels, but networks have introduced an easier path. The HTML virus, created by the Virus Information Center and released on Tuesday, was built as a demo and does not present a large security risk in and of itself. It works through Internet Explorer 4.0 and relies on the scripting feature, VBScript, built into the latest Microsoft PC operating system, Windows 98. If security warnings are ignored, the virus will load via a Web page and infect other Web pages on the host computer. Protections already built into Internet Explorer 4.0 would warn users if they encountered the virus, said a Microsoft spokeswoman. Copyright © 1994-98 Wired Digital Inc. All rights reserved. ----------------------- NOTE: In accordance with Title 17 U.S.C. section 107, this material is distributed without profit or payment to those who have expressed a prior interest in receiving this information for non-profit research and educational purposes only. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml ----------------------- **************************************************** To subscribe or unsubscribe, email: majordomo@majordomo.pobox.com with the message: (un)subscribe ignition-point email@address or (un)subscribe ignition-point-digest email@address **************************************************** www.telepath.com/believer ****************************************************