How can HTML Web traffic be used to distribute viruses and other malicious attacks?
Xie: There are several ways. While people often think of e-mail as the primary method of spreading attacks, many attacks are actually contained within files that are attachments to e-mail messages. Many people become infected by using Web-based e-mail, because Web e-mail is often not scanned by host antivirus software. Another way is by putting a link to an infected file in a Web page. The user can become infected by clicking on the link in the same way that they become infected by opening an e-mail attachment. Even more insidious are so-called browser-based attacks that don’t require any action on the part of the user other than going to a particular Web page to become infected. HTML code can deliver JavaScripts and other executable code that activates automatically without user action once they navigate to a particular page. This method can be extremely effective for distributing Trojans to unsuspecting users that can later allow access to a machine by a hacker.
