Malicious active content definition
Malicious active content is executable code embedded in web pages, emails, or software applications that’s designed to perform malicious actions.
Malicious active content includes scripts, applets, or other software components that compromise security, steal information, damage data, or disrupt the device's or network's normal functioning.
See also: XSS
Examples of malicious active content
- JavaScript. JavaScript is essential for many interactive website features. However, bad actors can implement it maliciously to steal data, redirect users to fraudulent sites, or install malware.
- Email attachments and links. Emails can contain malicious active content in attachments or embedded links.
- Browser plugins and extensions. Malicious browser plugins or extensions perform unauthorized actions (e.g., tracking user activity, displaying unwanted ads, redirecting browser sessions).
- Cross-site scripting (XSS). This web security vulnerability allows attackers to inject malicious scripts into web pages and steal information like login credentials or personal data.
- Drive-by downloads. These often hide in malicious websites and exploit vulnerabilities to install themselves on the user’s system without their consent.
- Macro viruses in documents. Office documents can contain macros – small programs used to automate tasks. Malicious macros execute harmful code when the document is opened.
- Mobile code. Malicious active content works on mobile applications, too, executing harmful actions on smartphones or tablets.