-
May 13th, 2004, 08:20 PM
#1
Browser hijack method
I've been searching the Microsoft security bulletins, and I haven't found the bulletin that relates to the problem with browser hijacks. I thought that hijacks exploited unpatched IE, so I figured that "hijack" would be included in the bulletin.
I can't seem to find it. Can anyone give me a description of how a browser hijack works? Does it exploit IE, ActiveX, or does it use legitimate code for a malicious purpose?
http://search.microsoft.com/search/r...ser+hijacks%22
-
May 13th, 2004, 08:27 PM
#2
This might be a situation where using Google would be better:
http://cc.uoregon.edu/cnews/winter2004/hijack.html <--- this page refers to specific MS Q pages so that might help with your search terms.
-
May 20th, 2004, 03:15 AM
#3
the advisories were not made for browser hijacking in particular but are more of the type where 'one can be lured to a url where an http doc is constructed to allow an attacker to download and run executables of their choice'. our fine crop of "marketing researchers" just chose software that fit their particular purpose, that's all. why they're not considered virus writers and the distribution of their "software" not punishable by law is beyond me.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
May 20th, 2004, 03:24 AM
#4
our fine crop of "marketing researchers" just chose software that fit their particular purpose, that's all. why they're not considered virus writers and the distribution of their "software" not punishable by law is beyond me.
This is the most enlightened thing I have read here for some time.
Can you imagine what would happen if every time you filled your car up with petrol some arse changed your number plate, stole your tax disk and pissed in your gas tank.
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
-
May 20th, 2004, 06:03 AM
#5
I don't understand the "lured" part...
I'm without a test box, otherwise I'd go looking for a POC. I've fixed a lot of hijacks around the dorms, and usually it's because of porn sites. I figured there was code in the source that exploited or used ActiveX to install its BHOs and the updates fixed the flaw.
MS03-011:
A new security vulnerability has been reported that affects the ByteCode Verifier component of the Microsoft VM. It occurs because the ByteCode verifier does not correctly look for certain malicious code when a Java applet is being loaded. The attack vector for this new security issue would likely involve an attacker creating a malicious Java applet and inserting it into a Web page that would exploit this vulnerability when it was opened.
I finally got a chance to read through the bulletins. This doesn't sound like luring, this sounds like someone could simply write malicious code in an applet, then stick it on a page. I didn't know that this was done through Java, I could decompile a malicious class and check it out.
BTW... I needed this info for a paper. Just got a good response on a rough draft... but I don't think anyone would be willing to see it because it's dumbed down for an old prof.
edit- I see what you're sayin now tedob.... It's not a hijack vulnerability, it's a full privilege vulnerability that could possibly be a hijack if the writer wished it to be.
-
May 20th, 2004, 07:54 AM
#6
MS03-011 = 2003 the eleventh advisory, the other one was from the year 2000. if you look at some of the newer ones like spoofing the mime type in the header, the advisory warns of getting "lured" to a malicious web site. this is done via a url sent to you in an email or IM. the hijackers don't lure per se except for maybe using porn, but they still pick up on the same exploit techniques as the trojan and virus writers use and incorporate them into the sites they pay to do this.
-
May 20th, 2004, 08:49 AM
#7
Very simple: the way it works is you have a file in your computer called HOSTS. It is in the C:\windows\system32\drivers\etc (for Windows XP 200 you will already know!!) and it tells your computer when you go to google to redirect it to this ip
Everything that has a beginning has an end.
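A check for the HOSTS-file redirection described in post #7, as an added example that is not part of the original thread: it parses HOSTS-syntax text and reports watched names pinned to an address that is neither loopback nor 0.0.0.0. The watch list, the function names and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Hypothetical watch list: names whose redirection would matter to a user.
WATCHED = {"google.com", "www.google.com"}

# Constructed sample in HOSTS syntax: an address, then one or more names.
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1       localhost
203.0.113.45    www.google.com google.com   # constructed redirect entry
0.0.0.0         ads.example.net
192.0.2.10\tintranet.example.org
not-an-ip       broken.example.com
"""

def parse_hosts(text):
    """Yield (line_no, address, [names]) for each well-formed mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()    # drop comments and whitespace
        fields = line.split()
        if len(fields) < 2:
            continue                           # blank, comment-only or no name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # first field is not an IP address
        yield line_no, addr, [n.lower().rstrip(".") for n in fields[1:]]

def suspicious_entries(text, watched=WATCHED):
    """Return (line_no, name, address) for watched names sent off-box."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        # Loopback and 0.0.0.0 entries are the usual blocklist idiom, not a redirect.
        if addr.is_loopback or addr.is_unspecified:
            continue
        for name in names:
            if name in watched:
                findings.append((line_no, name, str(addr)))
    return findings

if __name__ == "__main__":
    for line_no, name, addr in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} is pinned to {addr}")
```

To check a real machine, pass the contents of the hosts file in the directory named in the post instead of `SAMPLE_HOSTS`.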