-
June 25th, 2004, 01:51 PM
#1
Junior Member
Spyware spreading through major corporate sites
"ZDNet is reporting that corporate web servers are infecting visitors' PCs. The combination of two unpatched IE security holes and hacked corporate websites is apparently distributing malware via several high-credibility sites. ZDNet says users have 'few options' other than alternative browsers or platforms."
zdnet.com.com/2100-1105_2-5247187.html?tag=zdfd.newsfeed
Whee...I'm finally taking the time tomorrow to switch all of our company browsers over to Firefox. What fun.
-
June 25th, 2004, 02:14 PM
#2
Switch to a Mac. Use Safari. Problem solved.
-
June 25th, 2004, 02:20 PM
#3
So your "solution" is to buy a $1,500 computer? You should be in sales, not in computers.
An easier (and cheaper) solution would be to just switch browsers, as pointed out in the article. IE isn't the only browser for Windows. If everybody would switch browsers, of course ad/spyware would start targeting those browsers. But the same goes for your solution: if everybody switches to Mac, you'd see a giant rise in ad/spyware for Mac. But at least people would save $1,500.
-
June 25th, 2004, 02:44 PM
#4
Good Lord Neg,
How I wish the wife's Mac only cost $1500.
By the time we got the powerbook and the software she needed for it we're talking much closer to $6k.
-
June 25th, 2004, 03:07 PM
#5
Junior Member
I just thought I would drop this link to a story I recently read that exposes the myth that Macs are the most secure platform to use.
Worth a read if you are under the impression Mac OS X is secure.
http://www.techworld.com/security/ne...fm?NewsID=1798
-
June 25th, 2004, 03:23 PM
#6
I find Mozilla to be the most stable browser on the win32 platform. It (hardly ever) crashes and I don't have to worry about spyware. Easily I spend 8-12 hours a week removing spyware from desktops and servers (in a 500 user, 50 server environment).
We're currently looking for an anti-spyware solution that we can implement. We need something with a main administration console, preferably web-based....
I've found pest patrol CE has kind of what we're looking for.
Anyone else have some ideas?
----------------------------------------------------------------
"First you get the sugar, then you get the power, then you get the women"
----------------------------------------------------------------
-
June 25th, 2004, 03:41 PM
#7
If we aren't talking apples and oranges then this is a JavaScript that is uploaded to the compromised web sites and the properties of the site are altered to attach the JavaScript as a footer to all pages served.
The script attempts to download malicious code from a web site in Russia that allows spammers to use the compromised client as a relay.
It is yet unknown how the servers are being compromised..... Can we say "zero day"???
Mitigate by blocking all access to 217.107.218.147.
Snort rule for detecting the exploit is:-
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"WEB-CLIENT local resource redirection attempt"; flow:to_client,established; content:"Location|3a|"; nocase; pcre:"/^Location\x3a\s*URL\s*\x3a/smi"; reference:cve,2004-0549; reference:url,www.kb.cert.org/vuls/id/713878; classtype:attempted-user; sid:2577; rev:2;)
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
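Added example, not part of the post above: the `content` and `pcre` options of the Snort rule quoted in post #7, re-implemented in Python and run over constructed HTTP responses to show what the rule does and does not flag. The function names and sample responses are made up for illustration; the rule's `flow` and port constraints are not modelled.

```python
import re

# pcre:"/^Location\x3a\s*URL\s*\x3a/smi" from the quoted rule.
# PCRE modifiers s, m, i map to DOTALL, MULTILINE, IGNORECASE.
SID_2577_PCRE = re.compile(
    rb"^Location\x3a\s*URL\s*\x3a",
    re.DOTALL | re.MULTILINE | re.IGNORECASE,
)
# content:"Location|3a|"; nocase;  (cheap pre-filter before the pcre runs)
SID_2577_CONTENT = b"location:"


def matches_sid_2577(payload: bytes) -> bool:
    """True if a server-to-client payload satisfies both rule options."""
    if SID_2577_CONTENT not in payload.lower():
        return False
    return SID_2577_PCRE.search(payload) is not None


# Constructed responses, not captured traffic.
SAMPLES = {
    # Redirect whose target starts with "URL:" -> the pattern the rule hunts.
    "url_prefix": b"HTTP/1.1 302 Found\r\nLocation: URL:constructed-placeholder\r\n\r\n",
    # Ordinary redirect -> must stay quiet.
    "normal_redirect": b"HTTP/1.1 302 Found\r\nLocation: http://example.com/\r\n\r\n",
    # Folded header and extra spaces: \s* also spans CR, LF and blanks.
    "folded_header": b"HTTP/1.1 302 Found\r\nLocation:\r\n URL :constructed\r\n\r\n",
    # Passes the content check, but ^ anchors the pcre to a line start.
    "other_header": b"HTTP/1.1 200 OK\r\nX-Location: URL:constructed\r\n\r\n",
    # The rule is not limited to headers: a body line matches too
    # (a possible false positive to keep in mind when triaging alerts).
    "body_line": b"HTTP/1.1 200 OK\r\n\r\nlocation:url:constructed\r\n",
}


def classify(samples=SAMPLES):
    """Map each sample name to whether the rule logic would fire."""
    return {name: matches_sid_2577(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, hit in classify().items():
        print(f"{name:16} {'ALERT' if hit else 'no match'}")
```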
-
June 25th, 2004, 09:24 PM
#8
Member
"Zero Day" I wouldn't quite say that yet. Perhaps the IIS5.0 is not patched? It is often that companies do not patch their servers timely.
If it is zero-day, then those Russians are pretty damn smart.
-
June 25th, 2004, 09:34 PM
#9
Junior Member
I've been seeing some conflicting reports. From what I gather, the IIS end of things is a patchable exploit, but there is no patch for the browser end of things if you happen to visit one of these sites with IE.
-
June 25th, 2004, 10:11 PM
#10
Originally posted here by Warchyld
I've been seeing some conflicting reports. From what I gather, the IIS end of things is a patchable exploit, but there is no patch for the browser end of things if you happen to visit one of these sites with IE.
Well, some of the reports are conflicting at this point but it seems that some are saying that the IIS servers were compromised by this vulnerability: http://www.microsoft.com/technet/sec.../MS04-011.mspx
Either by not applying the patch to begin with or by not rebooting the server once the patch was applied.
You are right, there seems to be no patch currently available for the IE vulnerability. Should definitely consider use of another browser full time until IE is patched.