Very Dangerous Worm

iago · November 09, 2004, 09:07 PM

http://seclists.org/lists/fulldisclosure/2004/Nov/0298.html

The newest MyDoom uses a vulnerability in Internet Explorer (which has been known for two weeks, had an exploit out for 1.5 weeks, but hasn't been patched in winxpSP1 or win2k) to spread. Looking at the page advertised in emails can infect you. VERY DANGEROUS because it'll slip straight through virus scanners. Be cautious.

Incidentally, the original exploit was posted here:
http://seclists.org/lists/fulldisclosure/2004/Nov/0053.html
We've tested that out on fully patched Windows XP SP1 at work, and it's fun to run programs on each other's computers

quasi-modo · November 09, 2004, 09:35 PM

There is already a way to prevent this then... use mozilla. When will people catch on, ie is not a good browser!

iago · November 09, 2004, 09:51 PM

Well, it's not always that easy. At work, unless you have a local admin account (which I do), you're stuck with IE since you can't install software. They also can't update to SP2 (we haven't moved to it yet, since it's going to break too much and we need to get damage control read), so we're rather out of luck for this. I'm going to bring this worm to the attention of the people I work for tomorrow, though.

Vicious · November 10, 2004, 08:51 AM

That's too bad iago. Informing the people would be a very good idea. Just be careful.

hismajesty · November 10, 2004, 02:52 PM

Firefox 1.0 was just released, but I'm still using IE. There's just something about it that I like more than Firefox/any other browser. *shrug*

muert0 · November 10, 2004, 03:14 PM

iago if you could get firefox approved for all workstations you could use this to install it.
http://firefox.dbltree.com/

iago · November 10, 2004, 09:45 PM

Thanks, but I do "security", not "operations". We tell the outsourcers what they have to do, and they eventually do it. It's a great system.

muert0 · November 11, 2004, 12:36 AM

It seems to me that a browser that's insecure has to do with security :/

iago · November 11, 2004, 01:53 AM

Yeah, so we have to make the decision to change over. But to actually deploy it isn't our problem.

MyndFyre · November 11, 2004, 04:32 AM

Quote from: hismajesty[yL] on November 10, 2004, 02:52 PM
Firefox 1.0 was just released, but I'm still using IE. There's just something about it that I like more than Firefox/any other browser. *shrug*

From a developer's standpoint, I like the DOM and the Javascript parser better than Mozilla. I'd like to develop a similar DOM and parser independently, but I really don't think I have the ability. :/