To "infect" another user's computer, you need to perform two basic, generalized steps as a virus writer/deployer.

  1. Get the executable code onto the victim's computer
  2. Execute the code on the victim's computer

It is apparent that the most prolific way to accomplish step 1 is through email attachments. Email attachments are automatically downloaded. As a virus writer, you are halfway there. Step 2 can be accomplished by relying on the stupidity of the general populace (which is an unsurprisingly safe gamble) or by exploiting a "vulnerability/feature" in the victim's client software that causes the code to be executed without the victim's express intent or direct action.

To curb this, there are now 97 different kludgy ways to protect computers ranging from email-server stopgaps to firewalls at ISP gateways to personal firewalls to anti-virus software to patches upon patches upon patches that need to be applied to email clients to keep them up to date. All of this just to stop the two basic steps described above.

Well, good news for virus writers because people are coming up with another excellent method to propagate viruses -- RSS Enclosures.

The "enclosures" feature in RSS 2.0, basically, can allow your computer to download binary or otherwise large pieces of data onto your hard drive, assuming your aggregator supports it. Once the data is on your hard drive, it is up to the user and/or the (possibly poorly written) aggregator to determine whether or not to execute the code.

Granted, is it that much different than providing a hyperlink on a web page to a .exe and hoping the user executes it? No. But, in the browser world, that has been dealt with to some extent. In the aggregator world, it has not. And, I do not have faith in the homegrown, side-project aggregators to have a mature enough code base to begin correctly handling these items.
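
As an added illustration (not part of the original post), here is a sketch of the kind of pre-download check an aggregator could apply to each `<enclosure>` element before fetching anything. The allowlist, the size limit and the sample feed are assumptions constructed for the example.

```python
import posixpath
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample feed (not from the original post).
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example</title>
<item><title>Podcast</title>
<enclosure url="http://feeds.example.com/show/ep1.mp3" length="5242880" type="audio/mpeg"/></item>
<item><title>Mislabelled</title>
<enclosure url="http://feeds.example.com/files/song.mp3.exe" length="90112" type="audio/mpeg"/></item>
<item><title>Installer</title>
<enclosure url="http://feeds.example.com/files/setup.msi" length="1048576" type="application/octet-stream"/></item>
<item><title>Odd scheme</title>
<enclosure url="file:///C:/temp/clip.mp3" length="1000" type="audio/mpeg"/></item>
</channel></rss>"""

# Assumed policy: inert media types only, keyed by the extension that must match.
ALLOWED = {".mp3": "audio/mpeg", ".ogg": "audio/ogg", ".mp4": "video/mp4"}
MAX_BYTES = 200 * 1024 * 1024  # assumed size ceiling for automatic download

def check_enclosure(url, mime, length):
    """Return (auto_download, reason) for one enclosure's attributes."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not http(s)"
    # Only the final extension counts, so "song.mp3.exe" is judged as ".exe".
    ext = posixpath.splitext(parts.path)[1].lower()
    if ext not in ALLOWED:
        return False, f"extension {ext or '(none)'} not on allowlist"
    if mime.split(";")[0].strip().lower() != ALLOWED[ext]:
        return False, "declared type does not match extension"
    if not length.isdigit() or int(length) > MAX_BYTES:
        return False, "missing or oversized length"
    return True, "ok"

def review_feed(xml_text):
    """Apply the policy to every <enclosure> in an RSS 2.0 document."""
    results = []
    for enc in ET.fromstring(xml_text).iter("enclosure"):
        url = enc.get("url", "")
        results.append((url,) + check_enclosure(url, enc.get("type", ""), enc.get("length", "")))
    return results

if __name__ == "__main__":
    for url, ok, reason in review_feed(SAMPLE_FEED):
        print("FETCH" if ok else "SKIP ", url, "-", reason)
```

The URL, type and length are all supplied by the feed publisher, so this only gates automatic download; the saved file should still never be opened or executed without a direct user action. For untrusted feeds, a hardened XML parser such as `defusedxml` is a better fit than the standard-library parser used here.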



J$


$a="A"and$'_="J";map{$a++}(66..ord
);$$_='$';print$'a,$$a
