Both of this worm's variants take advantage of a well-known breach in Internet Explorer's (Scriptlet TypeLib) security system.
Lastline suggested in a blog post, "When Scriptlets Attack," too often companies, due to lack of malware behavior analysis, dismiss alerts as false positives, losing precious time during which the malware is busy stealing credentials.
As an example, he cites a Northeastern University Web site that is "full of Java applets, image-based navigation, and scriptlets that were generated by [Adobe] GoLive." He goes on to comment that the "site is 100 percent buzzword compliant" but completely unusable by someone who is visually impaired (pp.
XML-like tags and scriptlets written in the Java programming language,
Microsoft Corp has been slapped with a patent infringement lawsuit from a hitherto unknown start-up that claims it has the patent on all types of technology that enables developers to embed interactive programs within web pages, including plug-ins, applets, scriptlets and Active X components.
Drumbeat Design Elements--many of which come bundled with Drumbeat 2.0--can generate pages that include ActiveX controls, Scriptlets, Java Applets, COM objects, JavaScript functions, and DHTML tags.