DOCSLIB.ORG

Vbscript Programmer’S Reference Third Edition

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

VBScript Programmer’s Reference Third Edition Adrian Kingsley-Hughes Kathie Kingsley-Hughes Daniel Read Wiley Publishing, Inc. ffirs.indd iii 8/28/07 9:41:21 AM ffirs.indd vi 8/28/07 9:41:22 AM VBScript Programmer’s Reference Third Edition Introduction . xxv Chapter 1: A Quick Introduction to Programming . 1 Chapter 2: What VBScript Is — and Isn’t! . 31 Chapter 3: Data Types . 45 Chapter 4: Variables and Procedures . 83 Chapter 5: Control of Flow . 109 Chapter 6: Error Handling and Debugging . 129 Chapter 7: The Scripting Runtime Objects . 183 Chapter 8: Classes in VBScript (Writing Your Own COM Objects) . 209 Chapter 9: Regular Expressions . 233 Chapter 10: Client-Side Web Scripting . 261 Chapter 11: Windows Sidebars and Gadgets . 287 Chapter 12: Task Scheduler Scripting . 309 Chapter 13: PowerShell . 345 Chapter 14: Super-Charged Client-Side Scripting . 375 Chapter 15: Windows Script Host . 405 Chapter 16: Windows Script Components . 465 Chapter 17: Script Encoding . 489 Chapter 18: Remote Scripting . 509 Chapter 19: HTML Applications . 517 Chapter 20: Server-Side Web Scripting . 535 Chapter 21: Adding VBScript to Your VB and .NET Applications . 569 (Continued) ffirs.indd i 8/28/07 9:41:21 AM Appendix A: VBScript Functions and Keywords . 603 Appendix B: Variable Naming Convention . 675 Appendix C: Coding Conventions . 677 Appendix D: Visual Basic Constants Supported in VBScript . 681 Appendix E: VBScript Error Codes and the Err Object . 687 Appendix F: The Scripting Runtime Library Object Reference . 703 Appendix G: The Windows Script Host Object Model . 715 Appendix H: Regular Expressions . 723 Appendix I: The Variant Subtypes . 727 Appendix J: ActiveX Data Objects . 731 Index . 759 ffirs.indd ii 8/28/07 9:41:21 AM VBScript Programmer’s Reference Third Edition Adrian Kingsley-Hughes Kathie Kingsley-Hughes Daniel Read Wiley Publishing, Inc. ffirs.indd iii 8/28/07 9:41:21 AM VBScript Programmer’s Reference, Third Edition Published by Wiley Publishing, Inc. 10475 Crosspoint Boulevard Indianapolis, IN 46256 www.wiley.com Copyright © 2007 by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada ISBN: 978-0-470-16808-0 Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1 Library of Congress Cataloging-in-Publication Data Kingsley-Hughes, Adrian. VBScript programmer’s reference / Adrian Kingsley-Hughes, Kathie Kingsley-Hughes, Daniel Read. p. cm. Includes index. ISBN 978-0-470-16808-0 (paper/website) 1. VBScript (Computer program language) 2. HTML (Document markup language) 3. World Wide Web. I. Kingsley-Hughes, Kathie. II. Read, Daniel, 1969– III. Title. IV. Title: VB Script programmer’s reference. QA76.73.V27K56 2007 005.2' 762—dc22 2007028895 No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions. Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Website may provide or recommendations it may make. Further, readers should be aware that Internet Websites listed in this work may have changed or disap- peared between when this work was written and when it is read. For general information on our other products and services please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002. Trademarks: Wiley, the Wiley logo, Wrox, the Wrox logo, Programmer to Programmer, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respec- tive owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book. Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books. ffirs.indd iv 8/28/07 9:41:22 AM To my kids—you guys are great! —Adrian To my parents, for their loving support and enduring patience. And to my kids, for being just so cool! —Kathie ffirs.indd v 8/28/07 9:41:22 AM ffirs.indd vi 8/28/07 9:41:22 AM About the Authors Adrian Kingsley-Hughes has made his living as a technology writer for over a decade, with many books and articles to his name. He can also be found teaching classes on the Web, where he has success- fully taught technology skills to thousands of learners, with his own special brand of knowledge, experi- ence, wit, and poor spelling. He is also editor of the ZDNet blog Hardware 2.0 ( http://blogs.zdnet .com/hardware ). Kathie Kingsley-Hughes has worked in IT training for many years. In addition to writing, she now works as a courseware developer and e-trainer, specializing in Internet technologies. She also runs a web development company in the United Kingdom. Daniel Read is a software developer living and working in Atlanta, GA, USA. He currently works for Connecture Inc., an Atlanta-based software consulting firm specializing in the insurance industry. Daniel also publishes and writes essays for developers at DeveloperDotStar.com, a web-based magazine for software professionals. ffirs.indd vii 8/28/07 9:41:22 AM ffirs.indd viii 8/28/07 9:41:23 AM Credits Acquisitions Editor Vice President and Executive Group Publisher Katie Mohr Richard Swadley Development Editor Vice President and Executive Publisher Maureen Spears Joseph B. Wikert Technical Editor Project Coordinator, Cover Andrew Moore Adrienne Martinez Copy Editor Proofreader Mildred Sanchez Ian Golder Editorial Manager Indexer Mary Beth Wakefield Johnna VanHoose Dinse Production Manager Anniversary Logo Design Tim Tate Richard Pacifico ffirs.indd ix 8/28/07 9:41:23 AM ffirs.indd x 8/28/07 9:41:23 AM Acknowledgments Writing a book is hard work, and writing a third edition is even harder! The process involves a lot more people than just those listed on the cover (although thanks must got to Kathie and Dan for their hard work). My sincerest thanks goes out to everyone who made this book possible, from the initial idea of revamping this title for a second time to getting it onto the shelves. —Adrian Many thanks to family, friends, and colleagues, who have been very supportive during the writing of this book. A big thank you to all the editors, tech reviewers, and production staff who worked so hard on this edition. —Kathie I thank my fellow authors, Adrian and Kathie, and also the fine editorial staff at Wiley. —Daniel ffirs.indd xi 8/28/07 9:41:23 AM ffirs.indd xii 8/28/07 9:41:23 AM Contents Acknowledgments xi Introduction xxv Chapter 1: A Quick Introduction to Programming 1 Variables and Data Types 2 Using Variables 2 Using Comments 4 Using Built-in VBScript Functions 5 Understanding Syntax Issues 6 Flow Control 9 Branching 9 Looping 14 Operators and Operator Precedence 18 Organizing and Reusing Code 19 Modularization, Black Boxes, Procedures, and Subprocedures 20 Turning Code into a Function 21 Advantages to Using Procedures 23 Top-Down versus Event-Driven 23 Understanding Top-Down Programming 24 Understanding Event-Driven Programming 24 How Top-Down and Event-Driven Work Together 24 An Event-Driven Code Example 25 Coding Guidelines 25 Expect the Unexpected 26 Always Favor the Explicit over the Implicit 27 Modularize Your Code into Procedures, Modules, Classes, and Components 27 Use the “Hungarian” Variable Naming Convention 28 Don’t Use One Variable for More Than One Job 28 Always Lay Out Your Code Properly 28 Use Comments to Make Your Code More Clear and Readable, but Don’t Overuse Them 29 Summary 29 Chapter 2: What VBScript Is — and Isn’t! 31 Windows Script 31 Version Information 32 ftoc.indd xiii 8/28/07 2:30:19 PM Contents VBScript Is a Subset of VB 32 VBScript Is a Scripting Language 33 VBScript Is Interpreted at Runtime 33 Runtime Compilation — Disadvantages 34 Runtime Compilation — Advantages 35 Advantages of Using VBScript 36 Is VBScript Right for You? 37 How VBScript Fits
Recommended publications
  • Adobe Introduction to Scripting

    Adobe Introduction to Scripting

    ADOBE® INTRODUCTION TO SCRIPTING © Copyright 2007 Adobe Systems Incorporated. All rights reserved. Adobe® Introduction to Scripting NOTICE: All information contained herein is the property of Adobe Systems Incorporated. No part of this publication (whether in hardcopy or electronic form) may be reproduced or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written consent of Adobe Systems Incorporated. The software described in this document is furnished under license and may only be used or copied in accordance with the terms of such license. This publication and the information herein is furnished AS IS, is subject to change without notice, and should not be construed as a commitment by Adobe Systems Incorporated. Adobe Systems Incorporated assumes no responsibility or liability for any errors or inaccuracies, makes no warranty of any kind (express, implied, or statutory) with respect to this publication, and expressly disclaims any and all warranties of merchantability, fitness for particular purposes, and non-infringement of third-party rights. Any references to company names in sample templates are for demonstration purposes only and are not intended to refer to any actual organization. Adobe®, the Adobe logo, Illustrator®, InDesign®, and Photoshop® are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries. Apple®, Mac OS®, and Macintosh® are trademarks of Apple Computer, Inc., registered in the United States and other countries. Microsoft®, and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the United States and other countries. JavaScriptTM and all Java-related marks are trademarks or registered trademarks of Sun Microsystems, Inc.
  • Vbscript Programmer's Reference

    Vbscript Programmer's Reference

    Table of Contents VBScript Programmer's Reference...................................................................................................................1 Introduction.........................................................................................................................................................6 Who is this Book For?............................................................................................................................6 How to Use this Book.............................................................................................................................6 What is VBScript?..................................................................................................................................7 What Can You Do With VBScript?......................................................................................................11 What Tools Do You Need to Use VBScript?.......................................................................................14 What's New in VBScript 5?..................................................................................................................15 Code Conventions.................................................................................................................................17 Tell Us What You Think.......................................................................................................................17 Customer Support.................................................................................................................................18
  • Xcentrisity® BIS Addpack for Visual COBOL

    Xcentrisity® BIS Addpack for Visual COBOL

    Xcentrisity® BIS AddPack for Visual COBOL User's Guide Micro Focus The Lawn 22-30 Old Bath Road Newbury, Berkshire RG14 1QN UK http://www.microfocus.com © Copyright 2009-2020 Micro Focus or one of its affiliates. MICRO FOCUS, the Micro Focus logo and Visual COBOL are trademarks or registered trademarks of Micro Focus or one of its affiliates. All other marks are the property of their respective owners. 2020-06-17 ii Contents Xcentrisity Business Information Server for Visual COBOL User's Guide ............................................................................................................................. 5 Copyright and Trademarks .................................................................................................. 5 Introducing the Business Information Server ...................................................................... 5 Overview .................................................................................................................. 6 Installation on Windows ............................................................................................7 Installation on UNIX ..................................................................................................9 Testing the Installation ............................................................................................11 Uninstalling BIS for IIS ........................................................................................... 11 Uninstalling BIS for Apache ....................................................................................12
  • HTTP Cookie - Wikipedia, the Free Encyclopedia 14/05/2014

    HTTP Cookie - Wikipedia, the Free Encyclopedia 14/05/2014

    HTTP cookie - Wikipedia, the free encyclopedia 14/05/2014 Create account Log in Article Talk Read Edit View history Search HTTP cookie From Wikipedia, the free encyclopedia Navigation A cookie, also known as an HTTP cookie, web cookie, or browser HTTP Main page cookie, is a small piece of data sent from a website and stored in a Persistence · Compression · HTTPS · Contents user's web browser while the user is browsing that website. Every time Request methods Featured content the user loads the website, the browser sends the cookie back to the OPTIONS · GET · HEAD · POST · PUT · Current events server to notify the website of the user's previous activity.[1] Cookies DELETE · TRACE · CONNECT · PATCH · Random article Donate to Wikipedia were designed to be a reliable mechanism for websites to remember Header fields Wikimedia Shop stateful information (such as items in a shopping cart) or to record the Cookie · ETag · Location · HTTP referer · DNT user's browsing activity (including clicking particular buttons, logging in, · X-Forwarded-For · Interaction or recording which pages were visited by the user as far back as months Status codes or years ago). 301 Moved Permanently · 302 Found · Help 303 See Other · 403 Forbidden · About Wikipedia Although cookies cannot carry viruses, and cannot install malware on 404 Not Found · [2] Community portal the host computer, tracking cookies and especially third-party v · t · e · Recent changes tracking cookies are commonly used as ways to compile long-term Contact page records of individuals' browsing histories—a potential privacy concern that prompted European[3] and U.S.
  • Aspects of AJAX

    Aspects of AJAX

    Aspects of AJAX Aspects of AJAX Published online at http://www.mathertel.de/AJAX/AJAXeBook.aspx By Matthias Hertel, 2005•2007 Version 1.2 published 1. May 2007 1 Aspects of AJAX About this book This book is about an AJAX Framework and an AJAX Engine for JavaScript, XML, SOAP, WSDL und ASP.NET using standard Web Services on the server. This book is containing the updated articles and samples from my Blog "Aspects of AJAX", available at http://ajaxaspects.blogspot.com/ together with some new and rewritten articles. The implementation of the Samples, the AJAX Engine and a lot of web controls can be found on http://www.mathertel.de/AJAXEngine/. The License This book and all the articles on my blog are licensed under a Creative Commons Attribution 2.0 License that can be found at http://creativecommons.org/licenses/by/2.0/de/. The software itself is licensed under a BSD style license that can be found at http://www.mathertel.de/License.aspx. State of this book This book is still not finished and will be updated and extended from time to time. You will find more information when reading the Blog or downloading a new copy of this book. There are still a lot of aspects undocumented or undiscovered. State of the Software The AJAX engine is working fine in many projects I do myself and I’ve heard about and you can use it where ever you want. The license model I’ve chosen to publish the information and the source code allows also a commercial use of it.
  • Market-Driven Framework for Guiding Optimisation Decisions in Embedded Systems Master of Science Thesis in the Software Engineering Programme

    Market-Driven Framework for Guiding Optimisation Decisions in Embedded Systems Master of Science Thesis in the Software Engineering Programme

    Market-Driven Framework for Guiding Optimisation Decisions in Embedded Systems Master of Science Thesis in the Software Engineering Programme Sofia Charalampidou Paschalis Tsolakidis Chalmers University of Technology University of Gothenburg Department of Computer Science and Engineering Göteborg, Sweden, August 2013 The Author grants to Chalmers University of Technology and University of Gothenburg the non- exclusive right to publish the Work electronically and in a non-commercial purpose make it accessible on the Internet. The Author warrants that he/she is the author to the Work, and warrants that the Work does not contain text, pictures or other material that violates copyright law. The Author shall, when transferring the rights of the Work to a third party (for example a publisher or a company), acknowledge the third party about this agreement. If the Author has signed a copyright agreement with a third party regarding the Work, the Author warrants hereby that he/she has obtained any necessary permission from this third party to let Chalmers University of Technology and University of Gothenburg store the Work electronically and make it accessible on the Internet. Market-Driven Framework for Guiding Optimisation Decisions in Embedded Systems Sofia Charalampidou, Paschalis Tsolakidis © Sofia Charalampidou, August 2013. © Paschalis Tsolakidis, August 2013. Examiner: Richard Torkar Supervisors: Christian Berger (Chalmers), Tobjörn Mattsson (Mecel AB) Chalmers University of Technology University of Gothenburg Department of Computer Science and Engineering SE-412 96 Göteborg Sweden Telephone + 46 (0)31-772 1000 Department of Computer Science and Engineering Göteborg, Sweden August 2013 Market Driven Framework for Guiding Optimisation Decisions in Embedded Systems CHALMERS UNIVERSITY OF TECHNOLOGY Department of Computer Science and Engineering Abstract The recent need for web connectivity in the embedded systems domain and in particular the In-Vehicle Infotainment (IVI), has fired discussions about the integration of HTML components in these systems.
  • Rational Robot User's Guide

    Rational Robot User's Guide

    Rational Software Corporation® Rational® Robot User’s Guide VERSION: 2003.06.00 PART NUMBER: 800-026172-000 WINDOWS [email protected] http://www.rational.com Legal Notices ©1998-2003, Rational Software Corporation. All rights reserved. Part Number: 800-026172-000 Version Number: 2003.06.00 This manual (the "Work") is protected under the copyright laws of the United States and/or other jurisdictions, as well as various international treaties. Any reproduction or distribution of the Work is expressly prohibited without the prior written consent of Rational Software Corporation. The Work is furnished under a license and may be used or copied only in accordance with the terms of that license. Unless specifically allowed under the license, this manual or copies of it may not be provided or otherwise made available to any other person. No title to or ownership of the manual is transferred. Read the license agreement for complete terms. Rational Software Corporation, Rational, Rational Suite, Rational Suite ContentStudio, Rational Apex, Rational Process Workbench, Rational Rose, Rational Summit, Rational Unified Process, Rational Visual Test, AnalystStudio, ClearCase, ClearCase Attache, ClearCase MultiSite, ClearDDTS, ClearGuide, ClearQuest, PerformanceStudio, PureCoverage, Purify, Quantify, Requisite, RequisitePro, RUP, SiteCheck, SiteLoad, SoDa, TestFactory, TestFoundation, TestMate and TestStudio are registered trademarks of Rational Software Corporation in the United States and are trademarks or registered trademarks in other countries. The Rational logo, Connexis, ObjecTime, Rational Developer Network, RDN, ScriptAssure, and XDE, among others, are trademarks of Rational Software Corporation in the United States and/or in other countries. All other names are used for identification purposes only and are trademarks or registered trademarks of their respective companies.
  • Write Once, Pwn Anywhere

    Write Once, Pwn Anywhere

    Write Once, Pwn Anywhere Yang Yu Twitter: @tombkeeper Agenda • Summon BSTR back • JScript 9 mojo • “Vital Point Strike” • “Interdimensional Execution” Who am I? • From Beijing, China • Director of Xuanwu Security Lab at Tencent – We're hiring • Researcher from 2002, geek from birth – Strong focus on exploiting and detection • Before 2002, I am a… Before 2002 Now Summon BSTR back About BSTR JScript 5.8 and earlier use BSTR to store String object data struct BSTR { LONG length; WCHAR* str; } var str = “AAAAAAAA”; 0:016> dc 120d0020 l 8 120d0020 00000010 00410041 00410041 00410041 ....A.A.A.A.A.A. 120d0030 00410041 00000000 00000000 00000000 A.A............. Corrupt BSTR prefix var str = “AAAAAAAA”; 0:016> dc 120d0020 l 4 120d0020 00000010 00410041 00410041 00410041 ....A.A.A.A.A.A. writeByVul(0x120d0020, 0x7ffffff0); 0:016> dc 120d0020 l 4 120d0020 7ffffff0 00410041 00410041 00410041 ....A.A.A.A.A.A. var outofbounds = str.substr(0x22222200,4); * Peter Vreugdenhil, “Pwn2Own 2010 Windows 7 Internet Explorer 8 exploit” Locate the address of BSTR prefix var strArr = heapSpray("\u0000"); var sprayedAddr = 0x14141414; writeByVul(sprayedAddr); for (i = 0; i < strArr.length; i++) { p = strArr[i].search(/[^\u0000]/); if (p != -1) { modified = i; leverageStr = strArr[modified]; bstrPrefixAddr = sprayedAddr - (p)*2 - 4; break; } } * Fermin J. Serna, “The info leak era on software exploitation” JScript 9 replaced JScript 5.8 since IE 9 JScript 9 does not use BSTR now So exploiters switch to flash vector object But, JScript 5.8 is still there We can summon it back The spell to summon JScript 5.8 back <META http-equiv = "X-UA-Compatible" content = "IE=EmulateIE8"/> <Script Language = "JScript.Encode"> … </Script> or <META http-equiv = "X-UA-Compatible" content = "IE=EmulateIE8"/> <Script Language = "JScript.Compact"> … </Script> * Some features are not supported with JScript.Compact, like eval().
  • HTML5 for .NET Developers by Jim Jackson II Ian Gilman

    HTML5 for .NET Developers by Jim Jackson II Ian Gilman

    S AMPLE CHAPTER Single page web apps, JavaScript, and semantic markup Jim Jackson II Ian Gilman FOREWORD BY Scott Hanselman MANNING HTML5 for .NET Developers by Jim Jackson II Ian Gilman Chapter 1 Copyright 2013 Manning Publications brief contents 1 ■ HTML5 and .NET 1 2 ■ A markup primer: classic HTML, semantic HTML, and CSS 33 3 ■ Audio and video controls 66 4 ■ Canvas 90 5 ■ The History API: Changing the game for MVC sites 118 6 ■ Geolocation and web mapping 147 7 ■ Web workers and drag and drop 185 8 ■ Websockets 214 9 ■ Local storage and state management 248 10 ■ Offline web applications 273 vii HTML5 and .NET This chapter covers ■ Understanding the scope of HTML5 ■ Touring the new features in HTML5 ■ Assessing where HTML5 fits in software projects ■ Learning what an HTML application is ■ Getting started with HTML applications in Visual Studio You’re really going to love HTML5. It’s like having a box of brand new toys in front of you when you have nothing else to do but play. Forget pushing the envelope; using HTML5 on the client and .NET on the server gives you the ability to create entirely new envelopes for executing applications inside browsers that just a few years ago would have been difficult to build even as desktop applications. The abil- ity to use the skills you already have to build robust and fault-tolerant .NET solu- tions for any browser anywhere gives you an advantage in the market that we hope to prove throughout this book. For instance, with HTML5, you can ■ Tap the new Geolocation API to locate your users anywhere
  • Technologies for Connecting and Using Databases and Server Applications on the World Wide Web

    Technologies for Connecting and Using Databases and Server Applications on the World Wide Web

    Technologies for Connecting and Using Databases and Server Applications on the World Wide Web by Adolfo G. Castellon Jr. Submitted to the Department of Electrical Engineering and Computer Science on May 23, 1997, in partial fulfillment of the requirements for the degree of Bachelor of Science in Computer Science Abstract This paper presents a study of current technologies used to build applications that make use of the World Wide Web. In particular, this paper discusses three different technologies (Java Beans, OLE/ActiveX and CORBA) born of very different heritage, that are evolving towards a common goal. The emphasis is on technologies that have been recently developed to connect databases to Web applications. Two applications created by the author are used to demonstrate specific types of emerging web technologies. Thesis Supervisor: Dr. Amar Gupta Title: Co-Director, Productivity from Information Technology (PROFIT) Initiative Table of Contents 1 Introduction..............................................................................................................................................................3 1.1 Overview...................................................................................................................................................... ..................................................................................................................................................................3 1.2 Conventions: How to Read This Document.........................................................................................
  • Level One Benchmark Windows NT 4.0 Operating Systems V1.0.5

    Level One Benchmark Windows NT 4.0 Operating Systems V1.0.5

    Level One Benchmark Windows NT 4.0 Operating Systems V1.0.5 Copyright 2003, The Center for Internet Security www.cisecurity.org Page 2 of 32 Terms of Use Agreement Background. CIS provides benchmarks, scoring tools, software, data, information, suggestions, ideas, and other services and materials from the CIS website or elsewhere (“Products”) as a public service to Internet users worldwide. Recommendations contained in the Products (“Recommendations”) result from a consensus-building process that involves many security experts and are generally generic in nature. The Recommendations are intended to provide helpful information to organizations attempting to evaluate or improve the security of their networks, systems and devices. Proper use of the Recommendations requires careful analysis and adaptation to specific user requirements. The Recommendations are not in any way intended to be a “quick fix” for anyone’s information security needs. No representations, warranties and covenants. CIS makes no representations, warranties or covenants whatsoever as to (i) the positive or negative effect of the Products or the Recommendations on the operation or the security of any particular network, computer system, network device, software, hardware, or any component of any of the foregoing or (ii) the accuracy, reliability, timeliness or completeness of any Product or Recommendation. CIS is providing the Products and the Recommendations “as is” and “as available” without representations, warranties or covenants of any kind. User agreements. By using the Products and/or the Recommendations, I and/or my organization (“we”) agree and acknowledge that: 1. No network, system, device, hardware, software or component can be made fully secure; 2.
  • All Your Iframes Point to Us

    All Your Iframes Point to Us

    All Your iFRAMEs Point to Us Niels Provos Panayiotis Mavrommatis Moheeb Abu Rajab Fabian Monrose Google Inc. Johns Hopkins University {niels, panayiotis}@google.com {moheeb, fabian}@cs.jhu.edu Abstract tacks are being replaced by other mechanisms. Chief As the web continues to play an ever increasing role among these is the exploitation of the web, and the ser- in information exchange, so too is it becoming the pre- vices built upon it, to distribute malware. vailing platform for infecting vulnerable hosts. In this This change in the playing field is particularly alarm- paper, we provide a detailed study of the pervasiveness ing, because unlike traditional scanning attacks that use of so-called drive-by downloads on the Internet. Drive- push-based infection to increase their population, web- by downloads are caused by URLs that attempt to exploit based malware infection follows a pull-based model. For their visitors and cause malware to be installed and run the most part, the techniques in use today for deliver- automatically. Over a period of 10 months we processed ing web-malware can be divided into two main cate- billions of URLs, and our results shows that a non-trivial gories. In the first case, attackers use various social en- amount, of over 3 million malicious URLs, initiate drive- gineering techniques to entice the visitors of a website by downloads. An even more troubling finding is that to download and run malware. The second, more de- approximately 1.3% of the incoming search queries to vious case, involves the underhanded tactic of targeting Google’s search engine returned at least one URL labeled various browser vulnerabilities to automatically down- as malicious in the results page.