
Malicious JavaScript code

AIUI, it was not all that long ago when the threat to personal users,
was attachments that when executed compromised machines with keyloggers,
trojans, etc.

Now it seems that the big problem is reading a webpage or an HTML e-mail
and getting affected through the scripting. My understanding is that
the script downloads the malicious program from the web and sets it to
run on start up through the start-up folder or in the registry.

I don't know much about this; can someone suggest a good web site to
start learning a bit more about these threats. I have googled, but I am
not quite sure of the best search terms, and since there is so much
information out there, a site that experienced people endorse would be a
lot of help.

In particular, it seems as if JavaScript downloading a trojan without
the user clicking an attachment is a big problem.

Thanks.
Jan 27 '06
cwdjrxyz said the following on 1/28/2006 3:58 AM:

<snip>
> . If this very long URL fails, just use advanced search, require virus
> or worm, and require javascript. Javascript is very much alive and well
> in many recent bugs.


There are 20,500,000 hits for Driving and Virus OR Worm so you better
stop driving or your computer will get infected! It's true! I read it in
Google......

<URL:
http://www.google.com/search?as_q=driving&num=50&hl=en&btnG=Google+Search&as_epq=&as_oq=virus+worm&as_eq=&lr=&as_ft=i&as_filetype=&as_qdr=all&as_occt=any&as_dt=i&as_sitesearch=&as_rights=&safe=images>

--
Randy
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
Javascript Best Practices - http://www.JavascriptToolbox.com/bestpractices/
Jan 28 '06 #11

Randy Webb wrote:
> cwdjrxyz said the following on 1/28/2006 1:50 AM:
> > cwdjrxyz wrote:
>
> Do you work for a security company or an anti-virus company? It has to
> be one of the two to come up with the kind of arguments you did (none of
> which are true).

No, I do not work for a security or anti-virus company. You are
entitled to your opinion about what is true. However I suspect that
many would argue with this conclusion, especially for those who use
Windows XP without protective programs. I think that even Microsoft
will suggest protective programs on computers that use Windows OSs, and
they are not a big player in the security market - at least not yet.
The XP does provide a one way firewall, and I doubt if Microsoft went
to the expense to put this in if they did not think it was needed - at
least for average computer users. If you want a 2 way firewall, you
have to obtain it elsewhere. Or if you are on broadband and use a
router with firewall protection, as often is the case, the issue
concerning a firewall on the computer itself becomes moot.

> The best defense against being infected? Knowledge. Knowledge of how
> your computer works (at least a basic understanding) and a basic
> knowledge of how the web works. Now you can be safe.

The world is seldom ideal, and people who post to this and other
technical NGs likely know far more about computers than the average
computer owner. Also several family members may use the same computer,
and some may not know much about it. My impression is that many PC
owners now just consider it as another household appliance, expect it
to work well out of the box, and are not going to be bothered with much
upkeep. At least in the US, many computers are replaced when they
become very slow because of infection with multiple viruses and worms
or other technical issues, even though they often could be easily fixed
if the owner did just a little research, or perhaps asked a neighbor
teen computer geek to take a look. They could care less about how the
computer works. As long as it does email, allows them to use their bank
etc, and allows them to order goods, they are happy. Some, especially
those who live alone, are into chat.

> Even my mother knows how to keep from getting her computer infected. She
> has no firewall and no anti-virus program but she has the Knowledge to
> know how to stay safe.

I have no idea what OS and browser your mother's computer uses. I have
known people who have an older Mac who have no protection and are not
especially careful, but who have never had problems, because there are
far fewer viruses and worms aimed at these older Macs. However your
mother has a son who is quite knowledgeable about computers :-). For all
I know, your mother could be a computer engineer. However not all
mothers are especially careful when using a computer or have sons who
are knowledgeable. Of course some mothers think mother-knows-best and
what you say to them goes in one ear and out the other.

Jan 28 '06 #12
On 27 Jan 2006 18:29:35 -0800, "cwdjrxyz" <sp*******@cwdjr.info>
wrote:

> Hywel Jenkins wrote:
> > Feel free to go in to some detail about how JavaScript "will cause
> > serious problems".
>
> A very early JS exploit used script to open the Netscape home page in
> windows without limit. It also wrote "Crashing" in the status bar, and
> the computer crashed. This is a very simple bug by today's standards.
> Rather than playing child-like pranks such as the above, the modern
> hacker may not want you to know your computer is infected. He or she
> may be more interested in making your computer a zombie to send out
> spam email or to obtain your personal information such as various
> account numbers.
>
> > Also give some detail on how "just sign[ing] onto
> > the web" will cause infection.
>
> McAfee features a different bug on their security center home page
> every few days. Here is one of their descriptions:
>
> "W32/IRCbot.worm! is a medium risk worm for home users. You can be
> infected simply by going online. Once infected, your computer may
> restart continuously."
>
> If you follow a McAfee link to a more detailed description of the worm,
> you find in part:
>
> "This threat scans for MS05-039 exploitable systems. When a vulnerable
> system is found, it uses a buffer overflow to write the worm file to
> that machine via a TFTP upload on port 8594. Blocking this port via
> McAfee Desktop Firewall or McAfee Personal Firewall will prevent
> infection even if the buffer overflow is not prevented."
>
> Few of us have the time or interest to keep up with the details of the
> several new important bugs discovered nearly every week.


Keeping ports in stealth mode is pretty basic, IMO.
Mason Barge

"If this is coffee, please bring me some tea. If this is tea, please bring me some coffee."
-- Abraham Lincoln

Jan 29 '06 #13
"cwdjrxyz" <sp*******@cwdjr.info> writes:

> XP is a favorite target of hackers

I never noticed that. Competent hackers even seem to be notoriously
uninterested; sad, isn't it.

> Macs have been hacked

That would be successfully getting rid of HFS+, I believe. *Please*
share (wherever it would be on topic, surely not here).

Jan 29 '06 #14
VK

Noone Here wrote:
> AIUI, it was not all that long ago when the threat to personal users,
> was attachments that when executed compromised machines with keyloggers,
> trojans, etc.
>
> Now it seems that the big problem is reading a webpage or an HTML e-mail
> and getting affected through the scripting. My understanding is that
> the script downloads the malicious program from the web and sets it to
> run on start up through the start-up folder or in the registry.
>
> I don't know much about this; can someone suggest a good web site to
> start learning a bit more about these threats. I have googled, but I am
> not quite sure of the best search terms, and since there is so much
> information out there, a site that experienced people endorse would be a
> lot of help.
>
> In particular, it seems as if JavaScript downloading a trojan without
> the user clicking an attachment is a big problem.

Such questions are better to be posted/answered at astalavista.com and
so.
Briefly and plainly: JavaScript by itself can do *nothing* to your
computer because it doesn't provide access to any system resources. The
best achievement within JavaScript itself would be some
systemwise-harmless nastiness like:

    while (true) {
      alert("I'm cool hacker Joe!");
    } // :-)

JavaScript though can be used to initiate host objects with system
access (DOM / ActiveX / XPConnect). This aspect is really out of
JavaScript's responsibility and depends on how wisely the relevant object
has been written. For example IE 6.0 has a by-design hole in one
module allowing to infect the system in seconds even with *any
anti-virus software installed*. This hole was finally fixed only in IE
on XP SP2 or higher. On any lower versions your only protection is to
not go to any suspicious places. And this exploit also doesn't depend
on JScript being enabled or not - only on <object> activation.

Does disabling JavaScript / JScript guarantee safe browsing? Not at all.
If say you're using Windows higher than Win98, you are vulnerable to
port attacks and you have to have a personal firewall installed (or sit
behind a corporate one). Otherwise you do not even need to launch your
browser - the Internet connection itself is enough to be infected if your
computer is found by port spiders.

Does disabling JavaScript / JScript remove some possible
vulnerabilities? Yes it does, but only a smaller part of them.

1) Antivirus with regular update subscription
2) Firewall
3) All producer recommended updates for your OS
4) Latest producer recommended version of your preferred browser
5) A regular cautiousness with files received from the Web

There is some money and effort required from the *customer
side*, and it is much more (as you can see) than clicking some "disabled"
button.

IMHO

Jan 29 '06 #15
Mason Barge wrote:
> Keeping ports in stealth mode is pretty basic, IMO.

^^^^^^^^^^^^^^^^^^^^^
Please get informed about TCP.
PointedEars
Jan 29 '06 #16
In article <11*********************@g47g2000cwa.googlegroups.com>,
sp*******@cwdjr.info says...

> Lee wrote:
> > cwdjrxyz said:
> > > Hywel Jenkins wrote:
> > > > Feel free to go in to some detail about how JavaScript "will cause
> > > > serious problems".
> > >
> > > A very early JS exploit used script to open the Netscape home page in
> > > windows without limit.
> >
> > Very early. What does that have to do with how Javascript "will cause
> > serious problems"?
>
> A virus that crashes a computer is a serious problem to me, but
> everyone may have a different threshold for what is serious. Of course
> this virus is seldom met anymore. I gave it as an example of a pure JS
> virus


It wasn't a virus, dumb-ass.

--

Hywel
http://kibo.org.uk/
Jan 29 '06 #17
In article <11**********************@g49g2000cwa.googlegroups.com>,
sp*******@cwdjr.info says...

> Randy Webb wrote:
> > cwdjrxyz said the following on 1/28/2006 1:50 AM:
> > > cwdjrxyz wrote:
> >
> > Do you work for a security company or an anti-virus company? It has to
> > be one of the two to come up with the kind of arguments you did (none of
> > which are true).
>
> No, I do not work for a security or anti-virus company. You are
> entitled to your opinion about what is true. However I suspect that
> many would argue with this conclusion, especially for those who use
> Windows XP without protective programs. I think that even Microsoft
> will suggest protective programs on computers that use Windows OSs, and
> they are not a big player in the security market - at least not yet.
> The XP does provide a one way firewall

It has two-way functionality.

> > Even my mother knows how to keep from getting her computer infected. She
> > has no firewall and no anti-virus program but she has the Knowledge to
> > know how to stay safe.
>
> I have no idea what OS and browser your mother's computer uses. I have
> known people who have an older Mac who have no protection and are not
> especially careful, but who have never had problems, because there are
> far fewer viruses and worms aimed at these older Macs.


Myth.

--

Hywel
http://kibo.org.uk/
Jan 29 '06 #18
On Sat, 28 Jan 2006 04:16:04 -0500, in comp.lang.javascript Randy Webb
<Hi************@aol.com>
<ub********************@comcast.com> wrote:
| cwdjrxyz said the following on 1/28/2006 1:50 AM:
| > cwdjrxyz wrote:
|
| <snip>
|
| Do you work for a security company or an anti-virus company? It has to
| be one of the two to come up with the kind of arguments you did (none of
| which are true).
|
| The best defense against being infected? Knowledge. Knowledge of how
| your computer works (at least a basic understanding) and a basic
| knowledge of how the web works. Now you can be safe.
|
| Even my mother knows how to keep from getting her computer infected. She
| has no firewall and no anti-virus program but she has the Knowledge to
| know how to stay safe.


My experience (take it for what it is worth).
I have cable connection.
I was rebuilding my machine after a crash.
I formatted the hard drive and re-installed the OS.
I left the cable connection as the setup would've detected this and
configured it for me.
After the OS was installed I then installed the AV app.
It reported 5 virii - all because I had a connection to the internet.
---------------------------------------------------------------
jn******@yourpantsyahoo.com.au : Remove your pants to reply
---------------------------------------------------------------
Jan 29 '06 #19

Hywel Jenkins wrote:
> In article <11**********************@g49g2000cwa.googlegroups.com>,
> sp*******@cwdjr.info says...
>
> > Randy Webb wrote:
> > > cwdjrxyz said the following on 1/28/2006 1:50 AM:
> > > > cwdjrxyz wrote:
> > >
> > > Do you work for a security company or an anti-virus company? It has to
> > > be one of the two to come up with the kind of arguments you did (none of
> > > which are true).
> >
> > No, I do not work for a security or anti-virus company. You are
> > entitled to your opinion about what is true. However I suspect that
> > many would argue with this conclusion, especially for those who use
> > Windows XP without protective programs. I think that even Microsoft
> > will suggest protective programs on computers that use Windows OSs, and
> > they are not a big player in the security market - at least not yet.
> >
> > The XP does provide a one way firewall
>
> It has two-way functionality.

You may be right, but see
http://www.microsoft.com/windowsxp/u...2_wfintro.mspx
for details about the Microsoft firewall included with the XP, post
sp2. It makes mention that their firewall can block incoming attempts
to connect to ports, etc. It does not mention that it will block
outgoing attempts by your computer to connect to somewhere, which is
the second leg of a 2 way firewall. On the 2 way firewall I use, I can
even block a browser so it can not get out. This feature is useful for
a few programs that do not need to be on the web when you use them. A
few programs report back various things that some might consider an
invasion of privacy. I do not use the Microsoft firewall, but rather
another one that is 2 way, keeps detailed logs of all attempts to
connect, and allows you to easily trace the source of attempts. Such
attempts to find open ports happen all of the time from all over the
world, but especially from a few far Eastern countries.

It is interesting that Microsoft, in the reference given, also suggests
use of anti-virus software when using the XP and gives a link to
considerations for selection of such software.

Again, you could be right. Microsoft has so many updates for the XP
that it is difficult to keep track of just what each update does. It
would not surprise me if they made modifications in their firewall, and
since I use another firewall, I would never notice such a possible
change.

This thread has grown into a rather long, now off topic, monster. This
sometimes happens over weekends when there are not many questions
concerning script to answer. Hopefully there will be more posts more
directly concerned with script soon.

Jan 29 '06 #20
