• Welcome to Valhalla Legends Archive.
 

Very Dangerous Worm

Started by iago, November 09, 2004, 09:07 PM


iago

http://seclists.org/lists/fulldisclosure/2004/Nov/0298.html

The newest MyDoom uses a vulnerability in Internet Explorer (which has been known for two weeks, had an exploit out for 1.5 weeks, but hasn't been patched in winxpSP1 or win2k) to spread.  Looking at the page advertised in emails can infect you.  VERY DANGEROUS because it'll slip straight through virus scanners.  Be cautious.


Incidentally, the original exploit was posted here:
http://seclists.org/lists/fulldisclosure/2004/Nov/0053.html
We've tested that out on fully patched Windows XP SP1 at work, and it's fun to run programs on each other's computers :)
This'll make an interesting test for broken AV:
Quote: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


quasi-modo

There is already a way to prevent this then... use Mozilla. When will people catch on, IE is not a good browser!
WAR EAGLE!
Quote: (00:04:08) zdv17: yeah i quit doing that stuff cause it jacked up the power bill too much
(00:04:19) nick is a turtle: Right now im not paying the power bill though
(00:04:33) nick is a turtle: if i had to pay the electric bill
(00:04:47) nick is a turtle: id hibernate when i go to class
(00:04:57) nick is a turtle: or at least when i go to sleep
(00:08:50) zdv17: hibernating in class is cool.. esp. when you leave a drool puddle

iago

Well, it's not always that easy.  At work, unless you have a local admin account (which I do), you're stuck with IE since you can't install software.  They also can't update to SP2 (we haven't moved to it yet, since it's going to break too much and we need to get damage control ready), so we're rather out of luck for this.  I'm going to bring this worm to the attention of the people I work for tomorrow, though.


Vicious

That's too bad, iago. Informing the people would be a very good idea. Just be careful.

hismajesty

Firefox 1.0 was just released, but I'm still using IE. There's just something about it that I like more than Firefox/any other browser. *shrug*

muert0

iago, if you could get Firefox approved for all workstations, you could use this to install it.
http://firefox.dbltree.com/
Too lazy for Slackware.

iago

Thanks, but I do "security", not "operations".  We tell the outsourcers what they have to do, and they eventually do it.  It's a great system.


muert0

It seems to me that a browser that's insecure has to do with security :/

iago

Yeah, so we have to make the decision to change over.  But to actually deploy it isn't our problem. 


MyndFyre

Quote from: hismajesty[yL] on November 10, 2004, 02:52 PM
Firefox 1.0 was just released, but I'm still using IE. There's just something about it that I like more than Firefox/any other browser. *shrug*

From a developer's standpoint, I like the DOM and the JavaScript parser better than Mozilla.  I'd like to develop a similar DOM and parser independently, but I really don't think I have the ability.  :/
Quote: Every generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.