[Gllug] HTML Malware
Daniel P. Berrange
dan at berrange.com
Thu Jul 6 12:55:12 UTC 2006
On Thu, Jul 06, 2006 at 01:20:03PM +0100, Mick Farmer wrote:
> Dear GLLUGers,
>
> I'm having difficulty explaining to a colleague that HTML
> (e-mail) can contain malicious exploits. Does anyone know
> where I can obtain a benign example that I can demonstrate?
Its not neccessarily HTML itself which is dangerous, but rather than
things it links to. For example, the earlier this year there was the
Windows WMF image file vulnerability which spread via HTML email and
the <img> links it contains.
http://www.f-secure.com/weblog/archives/archive-012006.html#00000768
Sure, web browsers are vulnerable to WMF image file flaws too, but
with a web browser you'd have to explicitly visit a site with a dodgy
image, but with email you just the dodgy stuff pushed out to you
constantly as spam / virus from your normal contacts who have become
infected themselves. This makes HTML/Email a much more virilent
(and thus dangerous) transmission channel than HTML/WebBrowser.
Regards,
Dan.
--
|=- GPG key: http://www.berrange.com/~dan/gpgkey.txt -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- berrange at redhat.com - Daniel Berrange - dan at berrange.com -=|
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20060706/846b7743/attachment.pgp>
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list