|
A type of malware that uses common, dynamic
scripting
languages (e.g. Java,
Javascript, Active
X, or Visual Basic). Vulnerabilities in the
scripting language are exploited to carry
malicious code, which could be downloaded through a
Web browser and executed on a local system without the user's knowledge or
consent. Malicious active content can be used
for many criminal activities, including to deliver viruses and
worms, send e-mail, record
information from the local user, or to redirect users or content. Active content
is also called mobile code.
See also active content.
|
 eSecurity Planet  A resource for daily information on e-security targeted to IT managers. The site provides users with information from a variety of sources, including experts at security product and services firms, and the consultants who follow the security industry.
Active Content Filter IBM Workplace Active Content Filter (ACF) removes potentially malicious active content (JavaScript, Java) from application content that is displayed in a browser that interprets DHTML.
Microsoft TechNet: Scripting for Security This page provides a list of scripting resources related to security.
Understanding Malicious Content Mitigation for Web Developers CERT Advisory CA-2000-02 describes a problem with malicious tags embedded in client HTTP requests, discusses the impact of malicious scripts, and offers ways to prevent the insertion of malicious tags.
Webopedia's "Did You Know?" Article The Difference Between a Virus, Worm and Trojan Horse.
|
|