Malicious Code is a new kind of threat which cannot be blocked by anti-virus software alone. In contrast to viruses (which require a user to execute a program in order to cause damage), malicious code is an auto-executable application. It can take the form of Java Applets, ActiveX controls, plug-ins, pushed content, scripting languages, or a number of new programming languages designed to enhance Web pages and email.
Early in 1997, a serious threat that involved a free Plug-In advertised as a multimedia viewer for Web movies was exposed. The free Plug-In silently redirected the computer's modem from the Internet access line to a pay-per-minute number which cost users thousands of dollars in phone bills. Within a few months of this attack, a hacker organization used an ActiveX control to transfer funds by modifying Quicken files located on the local drives of people viewing their web page. In 1999, a program called "Picture.EXE" forwarded the usernames and passwords of many America Online users to unknown email addresses. Over 250 examples of malicious code has been documented since 1997.
No comments:
Post a Comment