-
June 25th, 2004, 09:11 PM
#11
Junior Member
Additionally, Cluley says that there has been some evidence that Web sites have been able to avoid the threat because they downloaded a patch made available by Microsoft in April to thwart the Sasser worm.
Could that be why nobody is seeing much activity?
http://story.news.yahoo.com/news?tmp...pcworld/116690
Honesty
Everyone wants to know it but nobody wants to hear it.
-
June 25th, 2004, 10:52 PM
#12
Geez,
Lots of noise about this.. but very little tech info..
Can someone correct me please.. On the client side of things, this would make ANY Java enabled browser on the Win32 platform vulnerable? or is it just IE...
too bloody early on a (Working) Saturday Morning..
Cheers
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
June 26th, 2004, 03:09 AM
#13
I think the media is hyping this one a BIT. From all that I've read on NTBugTraq, Internet Storm Center, and others the only servers vulnerable are the ones NOT patched with the MS04-011 from April. If that's the case then I would hope we aren't hearing much because we have many smart administrators who have applied the April patch...at least I'm hoping that's the case. If not...shame shame shame.
Originally posted here by Und3ertak3r
Can someone correct me please.. On the client side of things, this would make ANY Java enabled browser on the Win32 platform vulnerable? or is it just IE...
It looks like Internet Explorer with Javascript enabled is vulnerable...only a few of those huh? (snicker). I actually tested it out on our test hardware while the site was still up and found it calls a script which tried to pull up a .CHM file from the Windows directory with some parameter set - it wasn't successful. I then scanned the PC and found 2 HTM files detected with some sort of Javascript code/trojan. Sorry I don't have the information handy here to give exact details.
The REAL bad thing I read is that it infects the client PC via some UNPATCHED IE holes! ...anyone betting on new MS IE patch soon?
This is a rather interesting _new_ (maybe not but recently new) way to infect PCs:
1) Infect a web server stealthily without alerting administrator
2) Change web server settings to have it attach malicious code on every page
3) Have infected client pull up malicious code, in background via hidden IE frame or windows so user doesn't notice, and run it, getting infected with other bad stuff (backdoors, keyloggers, name that malware!)
And all my users and I want to do is surf the web safely....ha
-
June 26th, 2004, 08:30 AM
#14
On its Web site, Microsoft said users could search for the files "Kk32.dll" or "Surf.dat" to see if their PCs were infected.
The Macintosh version of Internet Explorer is not affected, nor are non-Microsoft browsers such as Mozilla, Opera and Apple Computer Inc.'s Safari browser, security experts said
Read it here.
/me walks away muttering "IE bad...Mozilla good.....IE bad....Opera good....IE bad...."
Al
It isn't paranoia when you KNOW they're out to get you...
-
June 26th, 2004, 08:52 AM
#15
People forget that IE is directly tied to the Windows shell (not that folks in Redmond have always admitted it....). I can see the appeal of IE, but am glad I don't have to sweat stuff like this out with those who actually use it.
-- bumblehead
Get OpenSolaris http://www.opensolaris.org/
-
June 26th, 2004, 04:20 PM
#16
Junior Member
Sorry looks to me like we were had.
I am not usually the boy who cries wolf and would like to offer my apology
The threat of zero day is real and it looked to me from what I was reading yesterday it had happened
It now appears that either the “high profile sites” that were hit were bogus or never happened.
Because
I can’t confirm one site and doesn’t it have to run iis?
Forgive my conspiracy theories but aren’t they trying to pass an anti ad ware law right now?
I hope I am wrong but I’m not holding my breath for that high profile list.
Please don’t be too mad at me people I didn’t start it.
Didn’t have to encourage it though until I was absolutely sure. Lesson learned.
jeremy
-
June 27th, 2004, 09:08 PM
#17
Sorry looks to me like we were had.
I am not usually the boy who cries wolf and would like to offer my apology
The threat of zero day is real and it looked to me from what I was reading yesterday it had happened
Jeremy, no need to apologize. Computer security is all about knowing there is a threat out there no matter how it occurs and with the information available, (often limited), determining a technique to mitigate it in your own environment. You were far from alone in questioning the existence of another zero day. I, for one, (and I'm sure many here would concur), would rather have you "cry wolf" ten times than not to report a viable threat once. If nothing else you will make us look for evidence that corroborates your warning ourselves.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
June 28th, 2004, 10:39 AM
#18
The media has done its job..
Had a pile of machines come in today complaining that they had been hit by this virus..
hmm
Comet Cursor
CoolWebSearch
Netsky
nachi
PronDialers
gaobot
yep they had a virus.. And I removed them.. but none were the one in question..
what happened to the bleeding edge of virii
off to ponder other problems..
cheers
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
June 28th, 2004, 04:17 PM
#19
The Internet Storm Center has just posted this information:
We have received information about compromised systems with Internet Information Server. These systems had an administrator level account with the username 'IWAP_WWW' added.
Please check if your server has such an account and let us know what you find. Until we know more, we suggest that you consider a server compromised if you find an administrator account with this username.
Those of you running an IIS Web server may want to have a look.
Cheers:
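
Added example (not part of any post in this thread, and not Microsoft's or the Internet Storm Center's tooling): a small Python triage helper for the two indicators quoted above, the file names `Kk32.dll` / `Surf.dat` from post #14 and the `IWAP_WWW` administrator account from post #19. It assumes English-locale `net localgroup Administrators` output; the sample output and all function names are constructed for illustration.

```python
import os
import re

# Indicators quoted in this thread: Microsoft's file names (post #14) and the
# account name reported by the Internet Storm Center (post #19).
INDICATOR_FILES = {"kk32.dll", "surf.dat"}
INDICATOR_ACCOUNT = "IWAP_WWW"

def find_indicator_files(root):
    """Return sorted paths under root whose file name matches an indicator."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, f) for f in files
                 if f.lower() in INDICATOR_FILES]  # Windows names are case-insensitive
    return sorted(hits)

def parse_group_members(net_output):
    """Members sit between the dashed rule and the completion message."""
    members, in_list = [], False
    for line in (l.strip() for l in net_output.splitlines()):
        if re.fullmatch(r"-{5,}", line):
            in_list = True
        elif in_list:
            if not line or line.lower().startswith("the command completed"):
                break  # assumption: English-locale output
            members.append(line)
    return members

def has_suspect_admin(net_output, account=INDICATOR_ACCOUNT):
    """True if account is listed, with or without a DOMAIN or host prefix."""
    return any(m.split("\\")[-1].lower() == account.lower()
               for m in parse_group_members(net_output))

# Constructed sample of `net localgroup Administrators` output (not real data).
SAMPLE_NET_OUTPUT = """\
Alias name     Administrators
Members

-------------------------------------------------------------------------------
Administrator
WEB01\\IWAP_WWW
The command completed successfully.
"""

if __name__ == "__main__":
    print("suspect admin present:", has_suspect_admin(SAMPLE_NET_OUTPUT))
    print("indicator files:", find_indicator_files(os.environ.get("SystemRoot", ".")))
```

On a live server, feed `has_suspect_admin` the captured output of `net localgroup Administrators`; a file-name hit is only a lead, so confirm it against the vendor advisory before treating the machine as infected.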
-
June 28th, 2004, 08:43 PM
#20
I posted this in one of the other threads that were started on this "virus"... It would seem that it is not a self propagating virus, and if you are patched with all of the current patches, you should not have a problem.
On June 24 2004 Microsoft began investigating a report that some
customers using IIS 5.0 (Internet Information Services), a component of
Windows 2000 Server, are being exploited by an issue known as
Download.Ject. More information is available at
http://www.microsoft.com/downloadject.
The Microsoft investigation is active with security response teams
dedicated to analyzing, resolving and communicating progress to
customers in a timely manner. It is important to note that thus far in
the investigation, through alerting customers and partners worldwide,
Microsoft has not been made aware of significant customer impact
based on Download.Ject.
Microsoft has confirmed that this attack is not self-propagating
malicious code. In other words, this is not a worm but a targeted
manual attack by individuals or entities towards a specific server.
To get the latest information please refer to
http://www.microsoft.com/downloadject