Transmit a virus through PLAIN html -- also need help with this situation

She has: 30 posts

Joined: Dec 2003

Ok, I've got a question. (Guess I've come to the right place, huh).

Is it possible to transmit a virus through PLAIN html... no java... no dynamic scripting, just plain ole html.

Here's the story behind the question. I know it's gonna be long, but I need some suggestions on how to handle this or any other opinions. -- thanks

I have been arguing with this person for some time now. I had asked him a simple php question since he "claimed" to know it like the back of his hand. He then told me when I wanted to talk about assemblers, then I could speak to him. Well, I had begun working on a Windows Tech support page that included a few instructions (assembly language) examples and tutorials. So I uploaded that page and sent him the link. The page was 100% html with no java scripts or anything. The only thing that you might call "not plain" would be a link to a small external css file. Well he said that he visited this page through a proxy server (that he built) and his proxy server became infected with a virus from my page. He then went on to say that it was so badly infected he had to reformat. I told him that I had sent him an email (to his ISP account) trying to make a truce, but he said he didn't get it because that was the proxy server that I supposedly infected via my plain html site. So, then I told him I didn't think it was possible to get a virus without dynamic scripting. Then he went on to say that there were several ways to transmit a virus through plain html giving an example of using tcp/ip convert to mask image files. Well, all I know about tcp/ip masks are like subnet masks and IP address classes and I was under the impression "convert" was used to update -- has NOTHING to do with hiding viruses in image files.

Anyway, I asked him to send me his logs since he said he had tracked the virus back to my plain html page. He then said No, he wasn't sending me the logs and he was going to report me for *intentionally* transmitting viruses through this page. AND he hoped my servers were patched because he was going to hack them blah blah blah.

Now I get A LOT of hits on this site and I have not had one single complaint of a virus. I also keep all of my virus definitions up to date. Maybe there is a way to transmit a virus through plain html, but I'm sorry. I'm just not on the up-and-up on spreading viruses.

So, my question is: can you transmit a virus through PLAIN html?

I'd also appreciate anybody's opinion on this situation. -- Thanks

Suzanne

She has: 5,507 posts

Joined: Feb 2000

No.

You can conceivably transmit viruses by using HTML to trigger holes in IE that lead to other sites that contain viruses, though, and people can do the same using your page as the "visible" address while their nasty work is hidden, but since you sent him the link, one would assume that no one hijacked that link.

You can conceivably transmit viruses through image files, embedded in the image files, however they have to be interpreted, I believe, on the other end. Some viruses have been sent through special .jpg files but they have a different extension.

If you didn't put it there, and you know everything that was linked, then it wasn't you.

Also, well, trolls are everywhere in various guises. Don't let them get you down.

She has: 30 posts

Joined: Dec 2003

Thank you so much Suzanne. You just made me feel a lot better. For some reason this guy has gotten under my skin. It's possibly because he keeps claiming to know everything you could possibly know in the IT field, yet when you ask him a simple question he resorts to hostility or some other absurd claim like "I gave him a virus". As for the page, that was the very first time I had ever uploaded it and the link I sent him was the direct link to the html file on my server... no hidden links or redirects and no one else knew of the file.

Anyway, yes, you're right. There are always trolls out there ;)

Thanks again.

Busy

He has: 6,151 posts

Joined: May 2001

HTML isn't a programming language, it's a display language, all it can do is display stuff (bad example this is red). The worst a HTML file can do is not display or display things totally different to how you want them - bad coding (missing tags, badly nested tags ...)

As mentioned image files can be 'interfered with' but that isn't HTML either, as the HTML only displays what image to display, from where, how high, wide ...

Sounds like you need to find another helper/mentor/advisor

She has: 30 posts

Joined: Dec 2003

LOL. Thanks Busy for the reply. And no, I would definitely not classify this guy as a "helper/advisor/mentor", lol. Just someone who hasn't hit reality yet and realized the fact that you can't know everything about everything IT... it's way too multi-faceted and by the time you really get something down, it changes, lol. I know there was no virus on my server and I DEFINITELY know if he got a virus from somewhere, it wasn't my page. It is however highly likely he got one from one of the NUMEROUS "hacker" sites he visits or one of their "free downloads".

ANYWAY.. wow, nice steam blow-off, lol. Thanks Busy for clearing that up. I'm going to send him this link to this thread, but I'm sure he's going to either say that the 2 of you don't know what you're talking about OR he got a virus from this site too, lol. Cheers.

Renegade

He has: 3,022 posts

Joined: Oct 2002

What I know of viruses may be entirely off the mark, but don't they have to be in .exe and have to be executed?

Busy

He has: 6,151 posts

Joined: May 2001

Doesn't have to be .exe but has to be executed. For example, say someone made virus.jpg.bad: the person would have to execute (open/run) the .bad file for it to take effect. It gets techo but there are a lot of automated tools to open these, i.e. your email client will automatically try to open it (if allowed).
A lot of people have the 'hide file types' option set so wouldn't see most renamed things, and if they saw virus.jpg (really virus.jpg.bad) would think it's an image.

.bad isn't a file type btw, just used it as an example.

If you want more info on viruses etc., take a look around the antivirus sites.
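The renamed-file trick described in the post above can be checked for mechanically. This is an added example, not part of the original thread: it flags a runnable extension hidden behind an image one, and content whose leading bytes do not match the extension. The extension list, the magic-number table and the sample files are assumptions chosen for illustration (.scr stands in for the post's made-up .bad).

```python
import os

# Leading bytes ("magic numbers") of a few common formats.
MAGIC = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
    "windows-executable": b"MZ",
}
IMAGE_EXTS = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif"}
# Extensions Windows runs when the file is opened (partial list, assumed here).
RUNNABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}


def sniff(data):
    """Return the format whose magic number starts the data, or None."""
    for name, magic in MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def check_attachment(filename, data):
    """Return the reasons a file is not what its name suggests (empty if none)."""
    findings = []
    stem, ext = os.path.splitext(filename.lower())
    inner_ext = os.path.splitext(stem)[1]
    actual = sniff(data)
    # With "hide file types" on, name.jpg.scr is displayed as name.jpg.
    if ext in RUNNABLE_EXTS and inner_ext in IMAGE_EXTS:
        findings.append("double extension: shown as %s when extensions are hidden" % stem)
    if ext in IMAGE_EXTS and actual != IMAGE_EXTS[ext]:
        findings.append("content is %s, not %s" % (actual or "unknown", IMAGE_EXTS[ext]))
    if actual == "windows-executable" and ext not in RUNNABLE_EXTS:
        findings.append("executable content behind a non-executable extension")
    return findings


# Constructed sample inputs: names and bytes invented for this example.
SAMPLES = [
    ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("holiday.jpg.scr", b"MZ\x90\x00\x03"),
    ("holiday.jpg", b"MZ\x90\x00\x03"),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(name, check_attachment(name, data) or "ok")
```

A mail gateway or upload handler would run a check like this before a file reaches a user who cannot see the real extension.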

She has: 30 posts

Joined: Dec 2003

Busy do you have any idea what he might have been talking about when he said using tcp/ip and convert or does this sound like something that was just made up? I'm not interested in the details of how to do... just curious if it's fictitious ;)

Suzanne

She has: 5,507 posts

Joined: Feb 2000

http://www.yale.edu/pclt/COMM/TCPIP.HTM this may help dispel any myths... :)

Also, this: http://www3.mwc.edu/~jhaynes/tcpip.htm

TCP/IP isn't a virus method itself, anymore than the twit racing down the highway is the fault of the highway itself. It's just the conduit, the carrier.

This may be of interest: http://www.virusbtn.com/resources/viruses/indepth/sma.xml

The fact is that something that would require vigorous removal doesn't come from HTML. It's not possible. Nor from JavaScript (which is client-side and doesn't affect the operating system), nor from CSS.

druagord

He has: 335 posts

Joined: May 2003

By the way, people "who know everything" have software that assures them that their computer doesn't get infected by viruses.

She has: 30 posts

Joined: Dec 2003

Thanks Suzanne for the links... I believe they officialize what I thought to begin with -- that he didn't get a virus from my page. Again, thank you very much for your input on this.

LOL... good point druagord, lol... very good point. This person did tell my friend that he had made his own anti-virus program, so maybe he left out some virus definitions or something.

I really hate being like this (seeking so strongly to disprove this person) because I'm normally very easy going and I don't get myself into this sort of thing. BUT this person just keeps going on and on and on about how he knows EVERYTHING, then continued to further irritate me by resorting to very offensive comments whenever I questioned his knowledge. I guess I'm just going to let this be the last note, be the bigger person and end the bickering. It is very childish, but sometimes, one of 'em will just get to ya. Thanks to everyone for your knowledge and support. BTW -- great forum, wonderful people.
