Can TXT cookies carry Malware?

[Knot2Brite]

I had read and believed cookies had some privacy risk but they could not carry Trojans or viruses.

A Dell computers service technician said that Microsoft, among others, had cookies which could act as spyware. The cookie could transmit details about your system configuration, passwords etc.

I had thought that if a file was not an executable, this was not possible.

Having been wrong once or twice before I felt it was prudent to ask knowledgeable people.

Thank you

 

[DelJo63]

I had read and believed cookies had some privacy risk but they could not carry Trojans or viruses.

hogwash. Here's how cookies work:

1. you access a webpage and it sets the 'cookie' which has a REALM associated with it
2. the next time a page that originates from that REALM, the cookie is shown to the website for each page you fetch that is related

There is no active code in any cookie! Now the 'hazard' with cookies is how the REALM gets set. Some are designed as 'tracking cookies', meaning

• they are returned to all websites (by design)
• and thus the webmaster knows where you've been surfing

cookies which could act as spyware. The cookie could transmit details about your system configuration, passwords etc.

(1) and (2) leads to the opportunity to 'return whatever cookies are present'. If there's configuration data,
userid/passwds, then so be it .
Personal/Privated data stored in cookies is normally encrypted stuff and not always using
obvious means, so if that kind of data were stored from REALM=A and you access google.com,
it is not a given that you have a security breach.

The majority of cookie data is Session related to the website that set the cookie(s),
not scraping your pc for extra stuff to export.
It takes some junk code like ActiveX to access the registry on your system -- another reason not to allow it

Firefox has a config option to 'Delete Private Data' upon exiting the browser and
you can include Cookies at that time.