-
October 1st, 2003, 08:16 PM
#1
New Worm via IE Object Data Exploit
Yeah, I've had quite a fun day here....
Look out for this little bugger as I have got this infection at one site already.
http://www.europe.f-secure.com/v-descs/delude.shtml
Snip:
NAME: Delude
ALIAS: Trojan.BAT.Startpage.a
Delude is a trojan that is available on a web page. The web page contains a code that uses a vulnerability in the Internet Explorer (MS03-032) to execute.
More information about the vulnerability, including a fix, is available from Microsoft at: http://www.microsoft.com/security/se...s/ms03-032.asp
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
October 1st, 2003, 09:24 PM
#2
Let me ask you, how did they wind up at the bad page to begin with? Did someone send them a link or did you just get the standard reply...idonknow
I can see how a batch file can download a file via FTP and execute it, but how does it change the start page? Unless it writes and calls a WSH script.
-
October 1st, 2003, 09:31 PM
#3
We got a few responses. Some were honest and said they clicked on one of those online "win a prize" or "go here because you are a winner". Others said they received a "weird" e-mail and clicked on the link (which makes the most sense to me). Others lied and said that they didn't do anything.
So far we have seen several variations of this. Some point to NS1.AOL.COM and crash IE when you try to run media player within IE. This one is removed easily with SpyBot but there are a few other variations that point to other name servers and also add host file entries, etc.
Whatever this is, it is quite nasty. The virus link I posted, while not "hot off the press", seems to be at the very least related to the new variations we have seen over the past few days.
-
October 2nd, 2003, 12:13 AM
#4
Banned
What is the script written in?