Message-ID: <5.0.0.25.2.20031119233016.0155bd08@pop3.direcway.com>
From: madsaxon at direcway.com (madsaxon)
Subject: .hta virus analysys

>bryce <lord_ph@...cast.net> wrote:
>
> > I'm new to this list, and sorta new to security on a computer. But can
> > someone tell me what program runs a .hta file??

Sigh.  Since no one else seems inclined actually to answer this
question, I'll do it.

In a (pea)nutshell, Microsoft Internet Explorer is the
application by which .hta files are designed to be
interpreted.  However, any browser that understands the
syntax (e.g., Netscape) can in theory handle them.

They provide functionality above and beyond HTML; they were
originally supposed to supply designers with a way of
prototyping Web-based applications that employ dynamic
HTML, and thus would never be present in a production system.
In reality, they get used for a lot of production purposes:
password/access control lists, triggering helper applications
such as Office components, and in fact for launching just
about any local program while providing a simple user
interface similar to the password entry box included
with most browsers. Convenient, and quite nasty if misused.

Hopefully this brief overview will make it obvious to
you what a serious security risk these files represent, and how
laughably easy it was (is) to use them as a vector for malware.

m5x

