Full Text

At the Chaos Computer Club in Hamburg, Germany, a club member puts the finishing touches on a new kind of virus-a virus that can seek out an Internet user's personal bank account information and actually transfer funds from the account, without a personal identification or transaction number. Science fiction? Unfortunately not.

While only a demonstration and not an "in the wild" virus, this hacker's virus is particularly alarming for reasons that go beyond its potentially invasive effect. First, the virus is carried by a control development using Microsoft Corporation's ActiveX, which is in growing use on Web pages throughout the world. Second, the virus loads automatically (via the ActiveX control) as the user browses the World Wide Web.

And the Hamburg creation is no fluke. An ActiveX control called "Exploder," widely discussed in security circles, can shut down Microsoft Windows 95 and turn off your computer if it has an energy conservation BIOS. Although this infection is more of an inconvenience than a major problem, this control illustrates the power of these new viruses. Any type of workstation, whether Mac, PC, Unix, or VAX, is at risk, even if you have a firewall between your workstation and the Internet.

What's more, this security breach does not seem to be limited to ActiveX. Similar capabilities are now being attributed to Java, a competing programming language developed by Sun Microsystems. Application macros, Navigator plug-ins, and Macintosh applications can also contain malicious code. This paper specifically addresses concerns raised over offending ActiveX and Java applets. How The Viruses Work ActiveX and Java were created for Web page designers to incorporate a wide array of impressive effects on Web pages, giving movement and added dimension to the previously "flat" Web pages. For example, the stock prices that scroll across the bottom of your screen at some sites or the animation that adorns an increasing number of Web sites are created using ActiveX or Java. ActiveX controls and Java applets are also behind a host of useful applications-from developing personalized interfaces to identifying the current version of software you are using and recommending upgrading with downloadable software.

To operate properly, these ActiveX controls and Java applets need to gain...