Worst I've seen yet

[David H. Lipman]

From: "Lil' Abner" <blvstk@dogpatch.com>

| Jay T. Blocksom <not.deliverable+usenet02@appropriate-tech.net> wrote in
| news:7tuq41trcrcb48h2ki1i64i1fen1r5j7if@news.speak easy.net:
|
>> On Thu, 31 Mar 2005 19:28:38 -0600, in <alt.privacy.spyware>, "Lil'
>> Abner"
>> <blvstk@dogpatch.com> wrote:
>>>
>> [snip]
>>
>>> But in Internet Explorer, it puts on a show you'll never forget. The
>>> only way I could stop it was by killing IExplore in Task Manager,
>>> and Task Manager didn't want to come up very bad. It's unending
>>> popups, and really fast. I thought I was pretty well protected, but
>>> not against that!
>>
>> 1. - You've allowed MSIE to remain installed on your system
>> 2. - You're actually *running* MSIE.
>> 3. - You're actually running MSIE with pop-ups, Java**** and/or
>> ActiveXploit
>> enabled.
>>
>> Yet, for some completely unfathomable reason, you "thought [you were]
>> pretty well protected"...?!?
|
| I don't run IE... never ever. I just had to try it this once to see what
| I was missing. But I figured with Spybot's "immunization" and a 231 kb
| hosts file, and whatever spywareblaster does, that maybe I'd escape
| anything drastic. The patch someone mentioned above didn't help either.
|
| --
| -- Being "over the hill" is much better than being under it! --

The exploit --
"A cross-domain vulnerability exists in the Microsoft Dynamic HTML (DHTML) Editing Component
ActiveX control that could allow information disclosure or remote code execution on an
affected system. An attacker could exploit the vulnerability by constructing a malicious Web
page that could potentially allow remote code execution if a user visited that page. An
attacker who successfully exploited this vulnerability could take complete control of an
affected system."

That doesn't mean the patch would stop the script fronm loading 100's of new windows. If
the programmer of that site knew how, he could turn your PC into a zombie !

Here how to test your PC...

http://secunia.com/internet_explorer...rability_test/

{ Good AV should flag Exploit-IEPageSpoof }

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

[Lil' Abner]

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:V_g3e.63$Jn2.20@trnddc09:

> From: "Lil' Abner" <blvstk@dogpatch.com>
>
>| Jay T. Blocksom <not.deliverable+usenet02@appropriate-tech.net> wrote
>| in news:7tuq41trcrcb48h2ki1i64i1fen1r5j7if@news.speak easy.net:
>|
>>> On Thu, 31 Mar 2005 19:28:38 -0600, in <alt.privacy.spyware>, "Lil'
>>> Abner"
>>> <blvstk@dogpatch.com> wrote:
>>>>
>>> [snip]
>>>
>>>> But in Internet Explorer, it puts on a show you'll never forget.
>>>> The only way I could stop it was by killing IExplore in Task
>>>> Manager, and Task Manager didn't want to come up very bad. It's
>>>> unending popups, and really fast. I thought I was pretty well
>>>> protected, but not against that!
>>>
>>> 1. - You've allowed MSIE to remain installed on your system
>>> 2. - You're actually *running* MSIE.
>>> 3. - You're actually running MSIE with pop-ups, Java**** and/or
>>> ActiveXploit
>>> enabled.
>>>
>>> Yet, for some completely unfathomable reason, you "thought [you
>>> were] pretty well protected"...?!?
>|
>| I don't run IE... never ever. I just had to try it this once to see
>| what I was missing. But I figured with Spybot's "immunization" and a
>| 231 kb hosts file, and whatever spywareblaster does, that maybe I'd
>| escape anything drastic. The patch someone mentioned above didn't
>| help either.
>|
>| --
>| -- Being "over the hill" is much better than being under it! --
>
> The exploit --
> "A cross-domain vulnerability exists in the Microsoft Dynamic HTML
> (DHTML) Editing Component ActiveX control that could allow information
> disclosure or remote code execution on an affected system. An attacker
> could exploit the vulnerability by constructing a malicious Web page
> that could potentially allow remote code execution if a user visited
> that page. An attacker who successfully exploited this vulnerability
> could take complete control of an affected system."
>
> That doesn't mean the patch would stop the script fronm loading 100's
> of new windows. If the programmer of that site knew how, he could
> turn your PC into a zombie !
>
> Here how to test your PC...
>
> http://secunia.com/internet_explorer..._vulnerability
> _test/
>
> { Good AV should flag Exploit-IEPageSpoof }

In IE I get "error on page" when I click the test link.
In Firefox I get "Done" but nothing happens.

--
-- Being "over the hill" is much better than being under it! --

[Gabriele Neukam]

On that special day, David H. Lipman, (DLipman~nospam~@Verizon.Net)
said...

> http://secunia.com/internet_explorer...rability_test/
>
> { Good AV should flag Exploit-IEPageSpoof }

My Opera doesn't open anything; and AVG stays quiet. Now what?


Gabriele Neukam

Gabriele.Spamfighter.Neukam@t-online.de


--
Ah, Information. A property, too valuable these days, to give it away,
just so, at no cost.

[David H. Lipman]

From: "Gabriele Neukam" <Gabriele.Spamfighter.Neukam@t-online.de>

| On that special day, David H. Lipman, (DLipman~nospam~@Verizon.Net)
| said...
|
>> http://secunia.com/internet_explorer...rability_test/
>>
>> { Good AV should flag Exploit-IEPageSpoof }
|
| My Opera doesn't open anything; and AVG stays quiet. Now what?
|
| Gabriele Neukam
|
| Gabriele.Spamfighter.Neukam@t-online.de
|
| --
| Ah, Information. A property, too valuable these days, to give it away,
| just so, at no cost.


Well it shows AVG doesn't flag this exploit code. McAfee does. That says something about
AVG.

As for Opera, it is not vulnerable.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

[Jay T. Blocksom]

On Fri, 01 Apr 2005 12:36:10 -0600, in <alt.privacy.spyware>, "Lil' Abner"
<blvstk@dogpatch.com> wrote:
>
[snip]
>
> I don't run IE... never ever. I just had to try it this once to see what
> I was missing.

And I suppose that your wife/girlfriend/sister is "just a little pregnant",
right?

<http://dictionary.reference.com/search?q=Oxymoron>
<http://www.m-w.com/cgi-bin/dictionary?book=Dictionary&va=Oxymoron&x=13&y=13>

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet02[at]appropriate-tech.net

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this domain is expressly prohibited under
47 USC S227 and State Law. Violators are subject to prosecution.