Full Disclosure mailing list archives
Re: .hta virus analysys
From: madsaxon <madsaxon () direcway com>
Date: Wed, 19 Nov 2003 23:51:20 -0600
bryce <lord_ph () comcast net> wrote: > I'm new to this list, and sorta new to security on a computer. But can > someone tell me what program runs a .hta file??
Sigh. Since no one else seems inclined actually to answer this question, I'll do it. In a (pea)nutshell, Microsoft Internet Explorer is the application by which .hta files are designed to be interpreted. However, any browser that understands the syntax (e.g., Netscape) can in theory handle them. They provide functionality above and beyond HTML; they were originally supposed to supply designers with a way of prototyping Web-based applications that employ dynamic HTML, and thus would never be present in a production system.In reality, they get used for a lot of producation purposes: password/access control lists, triggering helper applications
such as Office components, and in fact for launching just about any local program while providing a simple user interface similar to the password entry box included with most browsers. Convenient, and quite nasty if misused. Hopefully this brief overview will make it obvious to you what a serious security risk these files represent, and how laughably easy it was (is) to use them as a vector for malware. m5x _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- .hta virus analysys Jim Duggan (Nov 19)
- Re: .hta virus analysys bryce (Nov 19)
- Re: .hta virus analysys Nick FitzGerald (Nov 19)
- Re: .hta virus analysys madsaxon (Nov 19)
- Re: .hta virus analysys Valdis . Kletnieks (Nov 19)
- Re: .hta virus analysys listas (Nov 21)
- Re: .hta virus analysys Maxime Ducharme (Nov 20)
- Re: .hta virus analysys Scott Taylor (Nov 20)
- Re: .hta virus analysys Gary Flynn (Nov 20)
- Re: .hta virus analysys Jelmer (Nov 20)
- Re: .hta virus analysys Nick FitzGerald (Nov 20)
- Re: .hta virus analysys Nick FitzGerald (Nov 19)
- Re: .hta virus analysys bryce (Nov 19)
- Re: .hta virus analysys Gadi Evron (Nov 20)
- <Possible follow-ups>
- Re: .hta virus analysys Feher Tamas (Nov 20)