
Thread: Browser hijack method

  1. #1

    Browser hijack method

    I've been searching the Microsoft security bulletins, and I haven't found the bulletin that relates to the problem with browser hijacks. I thought that hijacks exploited unpatched IE, so I figured that "hijack" would be included in the bulletin.

    I can't seem to find it. Can anyone give me a description of how a browser hijack works? Does it exploit IE, ActiveX, or does it use legitimate code for a malicious purpose?

    http://search.microsoft.com/search/r...ser+hijacks%22

  2. #2
    MrLinus
    This might be a situation where using Google would be better:

    http://cc.uoregon.edu/cnews/winter2004/hijack.html <--- this page refers to specific MS Q pages so that might help with your search terms.

  3. #3
    the advisories were not made for browser hijacking in particular but are more of the type where 'one can be lured to a url where an http doc is constructed to allow an attacker to download and run executables of their choice'. our fine crop of "marketing researchers" just chose software that fit their particular purpose, that's all. why they're not considered virus writers and the distribution of their "software" not punishable by law is beyond me.

  4. #4
    our fine crop of "marketing researchers" just chose software that fit their particular purpose, that's all. why they're not considered virus writers and the distribution of their "software" not punishable by law is beyond me.
    This is the most enlightened thing I have read here for some time.

    Can you imagine what would happen if every time you filled your car up with petrol some arse changed your number plate, stole your tax disk and pissed in your gas tank?

  5. #5
    I don't understand the "lured" part...

    I'm without a test box, otherwise I'd go looking for a POC. I've fixed a lot of hijacks around the dorms, and usually it's because of porn sites. I figured there was code in the source that exploited or used ActiveX to install its BHOs and the updates fixed the flaw.

    MS03-011:
    A new security vulnerability has been reported that affects the ByteCode Verifier component of the Microsoft VM. It occurs because the ByteCode verifier does not correctly look for certain malicious code when a Java applet is being loaded. The attack vector for this new security issue would likely involve an attacker creating a malicious Java applet and inserting it into a Web page that would exploit this vulnerability when it was opened.
    I finally got a chance to read through the bulletins. This doesn't sound like luring, this sounds like someone could simply write malicious code in an applet, then stick it on a page. I didn't know that this was done through Java, I could decompile a malicious class and check it out.

    BTW... I needed this info for a paper. Just got a good response on a rough draft... but I don't think anyone would be willing to see it because it's dumbed down for an old prof.

    edit- I see what you're sayin now tedob.... It's not a hijack vulnerability, it's a full privilege vulnerability that could possibly be a hijack if the writer wished it to be.

  6. #6
    MS03-011 = 2003 the eleventh advisory, the other one was from the year 2000. if you look at some of the newer ones like spoofing the mime type in the header, the advisory warns of getting "lured" to a malicious web site. this is done via a url sent to you in an email or IM. the hijackers don't lure per se except for maybe using porn, but they still pick up on the same exploit techniques as the trojan and virus writers use and incorporate them into the sites they pay to do this.

  7. #7
    Very simple. The way it works is you have a file in your computer called HOSTS. It is in the C:\windows\system32\drivers\etc (for Windows XP 200 you will already know!!) and it tells your computer when you go to Google to redirect it to this IP.
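
The HOSTS-file redirection described in post #7 can be checked for from the defender's side. The following is an added example, not code posted by anyone in this thread: it parses HOSTS-file text and reports every entry that overrides name resolution for a non-local name. The function names, the list of local names and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Names that normally appear in a clean HOSTS file (assumed baseline).
LOCAL_NAMES = {"localhost", "localhost.localdomain",
               "ip6-localhost", "ip6-loopback", "broadcasthost"}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in HOSTS-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(entry) < 2:
            continue                            # blank, comment-only or incomplete
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            continue                            # first field is not an address
        for name in entry[1:]:                  # one address may carry several names
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text):
    """Return findings for entries that override DNS for non-local names."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        # A loopback or unspecified target makes the name unreachable; any
        # other target sends traffic for that name to the listed address.
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        findings.append((line_no, kind, name, str(ip)))
    return findings

# Constructed sample contents (documentation addresses and example domains).
SAMPLE_HOSTS = """\
# Constructed sample, not taken from a real machine
127.0.0.1       localhost
203.0.113.10    www.google.com google.com   # search traffic sent elsewhere
0.0.0.0         update.example.com
not-an-ip       www.example.org
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s %s -> %s" % finding)
```

To check a real machine, pass the contents of the hosts file in the directory named in post #7 to `audit_hosts` instead of `SAMPLE_HOSTS`; any finding that the machine's owner did not add deliberately deserves a closer look.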
