Mobile code

Mobile code is software that is transmitted from a remote system to be executed on a local system, typically without the user's explicit instruction. It has become a popular way of writing programs that can be used by many different operating systems and applications, such as Web browsers and e-mail clients. Although mobile code is typically benign, attackers have learned that malicious mobile code can be an effective way of attacking systems, as well as a good mechanism for transmitting viruses, worms, and Trojan horses to users' workstations.

Malicious mobile code differs significantly from viruses and worms in that it does not infect files or attempt to propagate itself. Instead of exploiting particular vulnerabilities, it often affects systems by taking advantage of the default privileges granted to mobile code. Popular languages for malicious mobile code include Java, ActiveX, JavaScript, and VBScript. One of the best-known examples of malicious mobile code is Nimda, which used JavaScript.