I'm not a professional programmer, but I have taken beginners C and I taught myself BASIC. That means that I am way over my head talking about this, so take this with a box of salt. I couldn't write the code, but I believe I understand mechanically how the hole might be exploited for malicious purposes. If anyone can shoot down this theory, PLEASE step forward!
After you link to a web page with a URL, the browser loads the html code and other language instructions that formats the page and then executes. Taking advantage of crash guard programming techniques, the browser or one of the languages in RAM is patched for the processor to jump to a specific memory location in the event of a freeze (if this is possible). A snippit of virus code is written to that specific memory loaction that will execute in the event the browser freezes up. The URL buffer is loaded up causing the program to hang. The instruction at that memory loaction takes control of the processor.
That much is to say that it might be possible. As to greater detail, I do not know if it is possible or not. I do know that the programmer would have to know a lot! He would have to write very precise code for a specific browser or language. He would have to know where to put a jump instruction in order to have it executed during the freeze up.
Once his snippit of malicious code is executed, your computer's RAM and hard drive are exposed. The virus program can do what ever it has been designed to do.
The irony is that only an intelligent and cunningly resourceful mind could, after long hours of dedicated effort, devise a method of getting around all the safeguards just to execute their malicious prank.
What a waste that it happens so often!
HerbVic, JAAO |
