X
Tech

HTML virus more fancy than fact

A day after announcing the danger of e-mail viruses an anti-virus researcher recanted his warnings, saying that e-mail viruses were more theory than reality. "These things do exist today but they are ineffectual," said Russ Cooper, moderator of NTBugTraq.
Written by Robert Lemos, Contributor
A day after announcing the danger of e-mail viruses an anti-virus researcher recanted his warnings, saying that e-mail viruses were more theory than reality.

"These things do exist today but they are ineffectual," said Russ Cooper, moderator of NTBugTraq.

Anti-virus researchers have identified a class of viruses, called HTML viruses, which can theoretically hide out in Web pages or e-mail and spread when users view the content

On Thursday, Cooper, an independent researcher, said that he thought that such viruses could affect users of Outlook, but later recanted. "That was my mistake," he said. "I made some assumptions that turned out not to be true."

Experts say there is little concern. "Am I worried about HTML viruses? No," said Rob Rosenberger, virus hoax expert and Computer Virus Myths Webmaster.

While theoretically possible, HTML viruses poses little danger to today's users, said Mike Nichols, Internet Explorer manager for Microsoft Corp. "We are extremely confident that this is nothing that users should be worried about," he said.

Marketing frenzy
Despite that, anti-virus companies have gone into a marketing frenzy.

One firm, Trend Micro Inc., publicly announced on Wednesday efforts to include protection against such viruses in its anti-virus software, despite the fact that most users will not be affected. Last week, anti-virus firm Central Command Inc. warned of a more isolated virus that affected ActiveX controls in isolated cases.

Microsoft accused both companies of scare tactics. "They have heard of these [HTML viruses] and made announcements to scare up a few more sales," said Nichols, adding that Central Command's release had several errors.

In addition, while HTML viruses have potential to be nasty, they will have a hard time spreading out of control over the Internet.

In order to copy itself to a new Web page, the HTML virus must execute on a machine from which it is allowed to change the page. This essentially means that only Webmasters have the possibility of being "Typhoid Mary." "If you are just a user, you will not infect other people's Web pages," said Trend Micro's senior researcher Igor Grebert.

Little danger, for now
When pressed, Grebert admitted that the viruses only exist in test environments. The senior researcher has only encountered what he refers to as "sample viruses" that do not have any destructive payload.

After discussing the issue with Microsoft, Trend Micro had begun to retest to find whether the virus could infect Windows systems.

Whoever they are, the virus writers have been busy. In the past two weeks, Trend Micro has tallied no less than 17 new variants written in VBScript. None of which could harm users.

Microsoft said that such viruses could not infect via Internet Explorer, unless the user changed the security settings manually.

"As a user you would have to go to a site that was designed to be malicious, and lower IE security," said Mike Nichols, Internet Explorer product manager. Even when IE's security is set to low, users are still prompted every time a script tries to run, he said.

Future viruses in e-mail
Essentially a macro virus, HTML viruses are written in the language of the Web. Trend Micro's findings also included viruses written in Visual Basic script.

Originally, the threat of e-mail macro viruses was expected to come from Microsoft's combination of Outlook 98 and Windows 98.

At the end of July, Finnish students found holes in Outlook that let viruses spread by e-mail. However, that security hole could only be exploited by luring the user to click on an overlong HTML link.

Several experts had predicted that some virus writer would put the two together.

Instead, HTML viruses are an interesting new research topic -- yes -- but not the next Internet Worm.




Editorial standards