Spyware spreading through major corporate sites
Results 1 to 10 of 10

Thread: Spyware spreading through major corporate sites

  1. #1
    Junior Member
    Join Date
    Jun 2003
    Posts
    11

    Spyware spreading through major corporate sites

    "ZDNet is reporting that corporate web servers are infecting visitors' PCs. The combination of two unpatched IE security holes and hacked corporate websites is apparently distributing malware via several high-credibility sites. ZDNet says users have 'few options' other than alternative browsers or platforms."
    zdnet.com.com/2100-1105_2-5247187.html?tag=zdfd.newsfeed

    Whee...I'm finally taking the time tomorrow to switch all of our company browsers over to Firefox. What fun.

  2. #2
    siwtch to a mac. use safari. problem solved

  3. #3
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    So your "solution" is to buy a $1,500 computer? You should be in sales, not in computers

    An easier (and cheaper) solution would be to just switch browsers, as pointed out in the article. IE isn't the only browser for Windows. If everybody would switch browsers, of course ad/spyware would start targetting those browsers. But the same goes for your solution: if everybody switches to Mac, you'd see a giant uprise in ad/spyware for Mac. But at least people would safe $1,500

  4. #4
    Senior Member
    Join Date
    Jan 2003
    Posts
    274
    Good Lord Neg,
    How I wish the wifes Mac only cost $1500

    By the time we got the powerbook and the software she needed for it we're talking much closer to $6k.

  5. #5
    Junior Member
    Join Date
    Feb 2003
    Posts
    15
    I just thought I would drop this link to a story I recently read that exposes the myth that Mac's are the most secure platform to use.

    Worth a read if you are under the impression Mac OS X is secure.

    http://www.techworld.com/security/ne...fm?NewsID=1798

  6. #6
    Junior Member
    Join Date
    Jun 2002
    Posts
    24
    I find Mozilla to be the most stable browser on the win32 platofrm. It (hardly ever) crashes and I don't have to worry about spyware. Easily I spend 8-12 hours a week removing spyware from desktops and servers (in a 500 user, 50 server environment).

    We're currently looking for an anti-spyware solution that we can implement. We need something with a main administration console, preferably web-based....

    I've found pest patrol CE has kind of what we're looking for.

    Anyone else have some ideas?
    ----------------------------------------------------------------
    \"First you get the sugar, then you get the power, then you get the women\"
    ----------------------------------------------------------------

  7. #7
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    If we aren't talking apples and oranges then this is a java script that is uploaded to the compromised web sites and the properties of the site are altered to attach the javascript as a footer to all pages served.

    The script attempts do download malicious code from a web site in Russia that allows spammers to your the compromised client as a relay.

    It is yet unknown how the servers are being compromised..... Can we say "zero day"???

    Mitigate by blocking all access to 217.107.218.147.

    Snort rule for detecting the exploit is:-

    alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"WEB-CLIENT local resource redirection attempt"; flow:to_client,established; content:"Location|3a|"; nocase; pcre:"/^Location\x3a\s*URL\s*\x3a/smi"; reference:cve,2004-0549; reference:url,www.kb.cert.org/vuls/id/713878; classtype:attempted-user; sid:2577; rev:2;)
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  8. #8
    Member
    Join Date
    Dec 2003
    Posts
    41
    "Zero Day"I wouldn't quite say that yet. Perhaps the IIS5.0 is not patched? It is often that companies do not patch their servers timely.
    If it is zero-day, then those russians are pretty damn smart.

  9. #9
    Junior Member
    Join Date
    Jun 2003
    Posts
    11
    I've been seeing some conflicting reports. From what I gather, the IIS end of things is a patchable exploit, but there is no patch for the browser end of things if you happen to visit one of these sites with IE.

  10. #10
    Top Gun Maverick811's Avatar
    Join Date
    Oct 2001
    Posts
    852
    Originally posted here by Warchyld
    I've been seeing some conflicting reports. From what I gather, the IIS end of things is a patchable exploit, but there is no patch for the browser end of things if you happen to visit one of these sites with IE.

    Well, some of the reports are conflicting at this point but it seems that some are saying that the IIS servers were compromised by this vulnerability: http://www.microsoft.com/technet/sec.../MS04-011.mspx
    Either by not applying the patch to begin with or by not rebooting the server once the patch was applied.

    You are right, there seems to be no patch currently available for the IE vulnerability. Should definately consider use of another browser full time until IE is patched.
    - Maverick

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •