A vandal is an executable file, usually an applet or an ActiveX control, associated with a Web page that is designed to be harmful, malicious, or at the very least inconvenient to the user. Since such applets or little application programs can be embedded in any HTML file, they can also arrive as an e-mail attachment or automatically as the result of being pushed to the user. Vandals can be viewed as viruses that can arrive over the Internet stuck to a Web page. Vandals are sometimes referred to as "hostile applets."
Vandals can be harmful in two general ways:
- They can get access to sensitive information within the computer system where they execute, such as passwords and encryption keys.
- They can cause loss or denial of service within the local computer system. For example, they can flood the system with data so that it runs out of memory, or they can slow down Internet connections.
The best way to protect yourself against a hostile applet is to know who you are downloading a Web page from or who has sent you an HTML page as an e-mail attachment. Major corporate Web sites or major Web publishers are unlikely to be the source of a vandal (but it can happen). One recent scam in late 1997 involved a pornography site that invited the downloading of a page whose ActiveX control reconnected the user to the Web through an expensive international phone number. In another incident, a group of German crackers demonstrated an ActiveX control that could transfer funds from one bank account to another without having to enter a user identification number.