Leech Computing
Frequently Asked Questions (and Comments)
Last updated 22 February 2002
Isn't this is just another virus/trojan?
No, because it does not infect your computer. As soon as you leave the page, or close the
pop-up window, it is no longer running. It also does not spread from computer to computer;
it is transmitted from the server to multiple clients.
Isn't this just another form of SpyWare?
No, because the leech is just processing data and sending it back to the server. It is only
running inside a web page, so it does not know about any other web pages you are/were viewing.
This will work on Windows only.
ActiveX is Windows only, but JavaScript and Java applets will run on just about any browser and
operating system.
You will be sued if you try this!
I am only enlightening people to the possibility. The only time I will actually use Leech
Computing is in part 2, and you will be fully informed as to what the leech is going to do and
how it will do it.
(Insert your favorite firewall software) will set off an alarm when the leech tries to send
the data back.
No, it will not, because the leech is running inside your browser, and your browser DOES have
access to the Internet, right? The way the leech will send back data is no different than you
submitting a form or clicking on a link.
The JavaScript program (the leech) will be easy to notice because the browser will take all
the CPU cycles, or, JavaScript cannot be throttled to use less than 100% of the CPU cycles.
JavaScript CAN be throttled; Just look up setTimeout().
JavaScript is too slow to be useful.
While it is true that JavaScript crunching floating point numbers is about 1/60 the speed of
compiled C code, it is very easy to update the code quickly and you could perhaps even auto
generate the code. Anyway, Java and ActiveX could also be used for more speed.
Great, now all the hackers will use this, or, now I have something else to worry about.
Ignorance may be bliss, but that will not stop someone from leeching you.
You should have added some JavaScript code to that 'Next Page' button.
I could have, but I would have had many ticked off readers! I will save all that for part 2.
Can't an HTTP proxy filter out or disable the JavaScript just like cookies?
Yes, it could, but it would not be easy because the JavaScript could be obfuscated to make it
harder to recognize. Also, if the JavaScript is auto generated it could be changing regularly,
even daily or hourly.
Won't my virus scanner warn me about the leech?
It could, if it is updated with the proper signature. ActiveX and Java will be fairly easy since
they will probably not be updated regularly, but new ways of identifying and capturing them will
need to be found. However, JavaScript could be almost impossible to defend against because it can
be auto generated and changing daily or hourly.