From: Michael.Simpson at inveresk.com (Michael Simpson)
Subject: Spyware installs with no interaction in IE on fully patched XP SP2 box

Nope, there is no error message when accessing this site as a user - just
a very quick flash of a pop-up going to wepdt(?).gator.something.
There doesn't appear to be any trace on this computer of any of the
files mentioned previously, so I guess that you may need to be running as
admin to get the download.

cheers, 

mikie



"Carr, Robert" <rcarr@...il.uky.edu> 
Sent by: full-disclosure-admin@...ts.netsys.com
04/10/2004 15:23

To
<full-disclosure@...ts.netsys.com>
cc

Subject
RE: [Full-Disclosure] Spyware installs with no interaction in IE on fully 
patched XP SP2 box

Interesting...

I just went there, and he's right. Atpartners.cab installed without
permission. My McAfee picked it right up as Atpartners.dll, downloaded
to Temp Internet files. Spyware detected as NetPals. On the other hand,
I'm admin of my machine, I wonder if a "user" would get an error message
about not having the correct rights...

Thanks,
 
Robert

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Geraldo
Rivera
Sent: Monday, October 04, 2004 9:47 AM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Spyware installs with no interaction in
IE on fully patched XP SP2 box

themexp.org

I should have logged all the files and reg entries I deleted, but it was
late at night and I wasn't really thinking about that at the time. I just
checked my IE history for some of the things I googled and I found a bunch
of them:

SahAgent.exe
webrebates0.exe
lu.dat
preInsln.exe
Systb.dll
wupdater.exe
eakrfu.exe
wupdt.exe
megasearch toolbar (www.megasearchbar.com)
IEPlugin
localnrd.dll
multimpp.dll

>From: "Joel R. Helgeson" <joel@...geson.com>
>To: "Geraldo Rivera" <iamafraud@...mail.com>, <full-disclosure@...ts.netsys.com>
>Subject: Re: [Full-Disclosure] Spyware installs with no interaction in IE on fully patched XP SP2 box
>Date: Sun, 3 Oct 2004 14:13:52 -0500
>
>What was the site?
>
>Joel R. Helgeson
>Director of Networking & Security Services
>SymetriQ Corporation
>
>"Give a man fire, and he'll be warm for a day; set a man on fire, and he'll be warm for the rest of his life."
>----- Original Message -----
>From: "Geraldo Rivera" <iamafraud@...mail.com>
>To: <full-disclosure@...ts.netsys.com>
>Sent: Sunday, October 03, 2004 1:16 PM
>Subject: [Full-Disclosure] Spyware installs with no interaction in IE on fully patched XP SP2 box
>
>
>>Last night I went to a site that I have been to on and off for years. The
>>page loaded and then in IE's status bar I saw something suspicious:
>>"installing components...atpartners.cab". I could not close out of IE, and
>>I could not kill the iexplorer.exe process. It totally locked up and I had
>>to reboot my machine. When my machine came back up, I had at least 6
>>different pieces of spyware/adware on my machine. It took me almost 2 hrs
>>to clean up. I manually deleted a bunch of crap (stuff I had found through
>>the run key in the registry, suspicious processes running, suspicious
>>files in the usual dirs, and by searching for all files modified at the
>>time this happened). Even after all that, Ad-Aware found 143 entries (none
>>were cookies, mostly registry entries and a few dll's) and then Spybot
>>found an additional 2 registry entries.
>>
>>This machine is a fully patched XP SP2 box, with the default security
>>settings for IE's Internet Zone. Does anybody know what method this crap
>>could be using to install without any user interaction?
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.netsys.com/full-disclosure-charter.html
>

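As an added triage example (written here, not posted by anyone in this thread), the cleanup Geraldo describes - checking the registry Run key and hunting files modified at the time of the incident - as a PowerShell script run on a current Windows host. The incident window, the directory list and the treatment of the filenames quoted above as "suspect" strings are assumptions you adjust.

```powershell
# Added example: post-incident triage along the lines Geraldo describes
# (Run keys, files modified around the incident time). Not the thread's code.
# Assumed inputs: set the window to when "installing components...atpartners.cab"
# appeared in the status bar; the sample values below are constructed.
$IncidentStart = Get-Date '2004-10-02 22:00'
$IncidentEnd   = Get-Date '2004-10-03 01:00'

# Filenames quoted in the thread; anything referencing one of them is flagged.
$Suspects = @('atpartners.cab', 'atpartners.dll', 'SahAgent.exe', 'webrebates0.exe',
              'lu.dat', 'preInsln.exe', 'Systb.dll', 'wupdater.exe', 'eakrfu.exe',
              'wupdt.exe', 'localnrd.dll', 'multimpp.dll')
$SuspectPattern = ($Suspects | ForEach-Object { [regex]::Escape($_) }) -join '|'

# 1. Autorun entries: the "run key" in both the machine and user hives.
$RunKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $entries = Get-ItemProperty -Path $key
    foreach ($prop in $entries.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip PowerShell's own metadata
        $flag = if ($prop.Value -match $SuspectPattern) { 'SUSPECT' } else { 'ok' }
        '{0,-7} {1}\{2} = {3}' -f $flag, $key, $prop.Name, $prop.Value
    }
}

# 2. Files whose last write falls inside the window. The directory list is an
#    assumption (top level only): common drop locations for this kind of installer.
$Dirs = "$env:SystemRoot", "$env:SystemRoot\System32", "$env:TEMP", "$env:LOCALAPPDATA"
Get-ChildItem -Path $Dirs -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $IncidentStart -and $_.LastWriteTime -le $IncidentEnd } |
    ForEach-Object {
        [pscustomobject]@{
            Flag     = if ($_.Name -match $SuspectPattern) { 'SUSPECT' } else { 'ok' }
            Modified = $_.LastWriteTime
            Path     = $_.FullName
        }
    } | Sort-Object Modified | Format-Table -AutoSize
```

Entries marked "ok" still need a look: the flag only matches names already reported, and a dropper that renames itself slips past a name match but not the timestamp window.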


