Both of this worm's variants take advantage of a well-known breach in Internet Explorer's (Scriptlet
TypeLib) security system.
Lastline suggested in a blog post, "When Scriptlets
Attack," too often companies, due to lack of malware behavior analysis, dismiss alerts as false positives, losing precious time during which the malware is busy stealing credentials.
As an example, he cites a Northeastern University Web site that is "full of Java applets, image-based navigation, and scriptlets
that were generated by [Adobe] GoLive." He goes on to comment that the "site is 100 percent buzzword compliant" but completely unusable by someone who is visually impaired (pp.
XML-like tags and scriptlets
written in the Java programming language,
Microsoft Corp has been slapped with a patent infringement lawsuit from a hitherto unknown start-up that claims it has the patent on all types of technology that enables developers to embed interactive programs within web pages, including plug-ins, applets, scriptlets
and Active X components.
Drumbeat Design Elements--many of which come bundled with Drumbeat 2.0--can generate pages that include ActiveX controls, Scriptlets