| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: bugtraq at cgisecurity.net (zeno) Subject: How often are IE security holes exploited? More often then you think. Some of those porn sites that autodownload/install/execute code that call up a number in <insert-random-country> for internet access (which you aren't aware of) use tricks like this. I have a feeling spammers will flock in the future (well more will) to using browser holes to help further spread ads,etc.. Two practicle examples. - zeno@...security.com > > Richard M. Smith wrote: > > Has anyone ever looked into how often security holes in Internet > > Explorer are actually used in viruses, worms, Trojan horses, and other > > malware? My sense is that very few of them are actually used in the > > wild. > > Define "how often". It's either every day, or somewhere around 1 in 30 > vulnerabilities. :) > > > The KaK and Klez worms both use IE security holes to do their > > dirty work, but most other Windows viruses seem to rely on social > > engineering and standard features of Microsoft products. > > > > If folks know of other malware that make use of IE security holes, > > please let me know. I'm putting together a little list. > > Nimda. There must be a few more as well. I still constantly get email > that tries to use various IE exploits, and I don't believe they're all > Nimda, Kak, and Klez. > > BB > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists