Spyware Warrior Help with Spyware, Hijacking & Other Internet Nuisances

wawadave Warrior Obsessed
Joined: 25 Jan 2004 Last Visit: 24 Jul 2009 Posts: 3448 Location: Illegitimus non carborundum
Posted: Fri Jun 25, 2004 1:26 pm Post subject: IIS Sites and IE Users Under Attack

Security Alert, June 25, 2004
IIS Sites and IE Users Under Attack
A new form of attack is spreading around the Internet, but to what
extent remains unknown at the time of this writing. The attack affects
unpatched Microsoft IIS systems, which, when compromised, then attack
unprotected Microsoft Internet Explorer (IE) systems.
Malicious users use an overflow condition in IIS to compromise an
unpatched system. The vulnerability is related to the Private
Communications Transport (PCT) in Microsoft's SSL library. Malicious
Javascript code is inserted into a Web page, and when unprotected IE
users visit the compromised Web page, IE might run the Javascript code
on the user's system. The code then injects the system with the
attacker's code of choice.
If possible, administrators should install Microsoft patch MS04-011
to protect IIS. According to iDEFENSE, IE users are being compromised
with a combination of two vulnerabilities: One of these
vulnerabilities is related to a problem in MIME Encapsulated Aggregate
HTML (MHTML), and the other is related to ADO databases (ADODB).
Microsoft has made the MS04-013 patch available for the MHTML problem,
but no patch is yet available for the ADODB vulnerability. IE users
should consider disabling active scripting in IE to protect their
systems against these attacks.
http://secadministrator.com/articles/index.cfm?articleid=43088
For more details about this vulnerability, as well as links to
patches, workarounds, and Intrusion Detection System (IDS) signatures
to help detect this attack, be sure to visit our Web site at the
provided URL.
Old news now, but a different angle to it.
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd

wawadave
Posted: Fri Jun 25, 2004 3:11 pm

Microsoft Sounds Critical Warning Bell For IIS Flaw
By CXOtoday Staff
Mumbai, June 25, 2004
Widespread rumors about infected web servers inserting malicious code into IE browsers of website visitors have finally been confirmed by Microsoft.
The flaw allows an infected web server to install a program that takes complete control of the user's computer. Symantec has christened the Trojan as ‘JS.Scob’, which is a simple program that executes a JavaScript file from a remote server.
Reports indicate that Web servers running Windows 2000 Server and IIS that have not applied Microsoft’s earlier update code named ‘835732’, which was addressed by Microsoft Security Bulletin MS04-011, are possibly being compromised and used to attempt to infect users of Internet Explorer with malicious code.
To determine if the malicious code is present, search for files ‘Kk32.dll’ and ‘Surf.dat’. If either one of these files is detected with a Windows search, the machine is infected.
Enterprises can minimize risk by increasing the security of the Local Machine Zone in Internet Explorer.
Since both the components that are being used to spread the Trojan (Internet Information Services 5.0 and IE) are owned by Microsoft, the Redmond giant has initiated a detailed investigation for the incident.
Symantec has detected samples of the trojan attached to image files (JPEG, GIF), and HTML files. When attached to other files, the trojan is detected as JS.Scob.Trojan!inf.
If the file is not accessed through HTTPS and the trojan has not set a currently valid cookie on the system, it launches a JavaScript file at a pre-determined URL.
The trojan then sets a cookie which expires in one week. The cookie starts with the characters "trk716". Thus, once the trojan is triggered, it will not be triggered again until a week later, according to Symantec.
Microsoft claimed that customers who have deployed Windows XP Service Pack 2 RC2 would not be at risk. Symantec, F-Secure, and Computer Associates have released patches for their respective antivirus software.
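
The indicators named in the post above (the files Kk32.dll and Surf.dat, and a cookie starting with "trk716") can be checked with a short script. This is an added example, not part of the original posts or the quoted article; it assumes IE's text cookie files sit in a folder named Cookies with one field per line, and the sample tree it builds is constructed.

```python
import os
import tempfile

# Indicators named in the post above (CXOtoday, citing Symantec).
INDICATOR_FILES = {"kk32.dll", "surf.dat"}  # compared case-insensitively
COOKIE_PREFIX = "trk716"


def has_marker_cookie(path):
    """True if any line of a text cookie file starts with COOKIE_PREFIX.

    Assumption: one cookie field per line, so the cookie name starts a line.
    """
    try:
        with open(path, "r", encoding="latin-1") as fh:
            return any(line.startswith(COOKIE_PREFIX) for line in fh)
    except OSError:
        return False  # unreadable file: cannot be checked, so not reported


def scan_tree(root):
    """Return (indicator file paths, marker cookie file paths) found under root."""
    files, cookies = [], []
    for dirpath, _dirs, names in os.walk(root):
        in_cookie_dir = os.path.basename(dirpath).lower() == "cookies"
        for name in names:
            path = os.path.join(dirpath, name)
            if name.lower() in INDICATOR_FILES:
                files.append(path)
            elif in_cookie_dir and name.lower().endswith(".txt") and has_marker_cookie(path):
                cookies.append(path)
    return sorted(files), sorted(cookies)


def build_sample(root):
    """Create a small constructed tree (not real host data) for the demo."""
    sample = {
        "WINNT/system32/KK32.DLL": "",
        "Profile/Cookies/user@site-a[1].txt": "trk716demo\n1\nsite-a.test/\n*\n",
        "Profile/Cookies/user@site-b[1].txt": "session\nabc\nsite-b.test/\n*\n",
        "Profile/notes.txt": "trk716 mentioned outside a cookie folder\n",
    }
    for rel, text in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="latin-1") as fh:
            fh.write(text)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan_tree(tmp))
```

A cookie hit only shows that the script was triggered within the last week, since the article says the cookie expires after one week; the file-name check is the one the article ties to infection.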

wawadave
Posted: Mon Jun 28, 2004 10:37 am

Russian Web Site Responsible for Attacks Is Shut Down
Over the weekend, Russian ISPs and law-enforcement agencies shut
down a Web site that was responsible for distributing a malicious
application called Download.Ject, which exploited vulnerabilities in
Microsoft Internet Explorer (IE) and Microsoft Internet Information
Services (IIS) 5.0. The shutdown put an end to what could have been a
nightmare for Windows users. Attackers used the Download.Ject
application--which Microsoft says isn't a worm or a virus--to target a
specific unnamed server on the Internet and steal financial
information and email passwords. The attack's sophistication has
security researchers worried that Download.Ject might be a blueprint
for future attacks. The attackers compromised an IIS Web server by
exploiting a previously fixed vulnerability that hadn't been patched
on that particular server. They then infected every page on the site
with JavaScript code that redirected users to the Russian Web site,
which was set up to imitate the original site. The infected site then
silently installed keystroke recorders and several backdoor-entry
applications on users' PCs. Keep this important fact in mind: Although
Microsoft has already patched IIS, IE is still vulnerable--yet another
reason not to use this dog of a program.

wawadave
Posted: Wed Jun 30, 2004 3:21 pm

In depth: Experts agree on method, not scope of IIS attacks,
06/25/04
One day after reports of Web site attacks surfaced, there was
disagreement about how widespread the attacks were and how many
Internet users were affected by them.
<http://www.nwfusion.com/news/2004/0625experagree.html?nl>