Text only | Text with Images

Valhalla Legends Archive

General => General Discussion => Topic started by: iago on November 09, 2004, 09:07 PM

Title: Very Dangerous Worm
Post by: iago on November 09, 2004, 09:07 PM
http://seclists.org/lists/fulldisclosure/2004/Nov/0298.html

The newest MyDoom uses a vulnerability in Internet Explorer (which has been known for two weeks, had an exploit out for 1.5 weeks, but hasn't been patched in winxpSP1 or win2k) to spread.  Looking at the page advertised in emails can infect you.  VERY DANGEROUS because it'll slip straight through virus scanners.  Be cautious.


Incidentally, the original exploit was posted here:
http://seclists.org/lists/fulldisclosure/2004/Nov/0053.html
We've tested that out on fully patched Windows XP SP1 at work, and it's fun to run programs on each other's computers :)
Title: Re: Very Dangerous Worm
Post by: quasi-modo on November 09, 2004, 09:35 PM
There is already a way to prevent this then... use mozilla. When will people catch on, ie is not a good browser!
Title: Re: Very Dangerous Worm
Post by: iago on November 09, 2004, 09:51 PM
Well, it's not always that easy.  At work, unless you have a local admin account (which I do), you're stuck with IE since you can't install software.  They also can't update to SP2 (we haven't moved to it yet, since it's going to break too much and we need to get damage control read), so we're rather out of luck for this.  I'm going to bring this worm to the attention of the people I work for tomorrow, though.
Title: Re: Very Dangerous Worm
Post by: Vicious on November 10, 2004, 08:51 AM
That's too bad iago. Informing the people would be a very good idea. Just be careful.
Title: Re: Very Dangerous Worm
Post by: hismajesty on November 10, 2004, 02:52 PM
Firefox 1.0 was just released, but I'm still using IE. There's just something about it that I like more than Firefox/any other browser. *shrug*
Title: Re: Very Dangerous Worm
Post by: muert0 on November 10, 2004, 03:14 PM
iago if you could get firefox approved for all workstations you could use this to install it.
http://firefox.dbltree.com/
Title: Re: Very Dangerous Worm
Post by: iago on November 10, 2004, 09:45 PM
Thanks, but I do "security", not "operations".  We tell the outsourcers what they have to do, and they eventually do it.  It's a great system.
Title: Re: Very Dangerous Worm
Post by: muert0 on November 11, 2004, 12:36 AM
It seems to me that a browser that's insecure has to do with security :/
Title: Re: Very Dangerous Worm
Post by: iago on November 11, 2004, 01:53 AM
Yeah, so we have to make the decision to change over.  But to actually deploy it isn't our problem. 
Title: Re: Very Dangerous Worm
Post by: MyndFyre on November 11, 2004, 04:32 AM
Quote from: hismajesty[yL] on November 10, 2004, 02:52 PM
Firefox 1.0 was just released, but I'm still using IE. There's just something about it that I like more than Firefox/any other browser. *shrug*

From a developer's standpoint, I like the DOM and the Javascript parser better than Mozilla.  I'd like to develop a similar DOM and parser independently, but I really don't think I have the ability.  :/
Text only | Text with Images