lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: lists-security at nettracers.com (lists-security@...tracers.com)
Subject: Is there a 0day vuln in this phisher's site?

Paul Kurczaba said :
"When I went to the page, McAfee VirusScan notified me of an script it
blocked on the page. The blocked script, a virus, was called
"JS/Stealus.gen". After some research, I found the script "exploit(s) an
Internet Explorer vulnerability resulting in Internet Explorer displaying
one location in the Address bar, but actually loading the content from a
different site." -http://vil.nai.com/vil/content/v_126246.htm "


I can see the attempted exploit from the site in my IE browser...but is
shows up in the wrong place on the screen so does not cover the URL bar.

Also my Fortinet firewall does NOT detect that JS/Stealus.gen ....but it did
give me this once when going to this site:

 tcp_decoder: tcp_bad_checksum, len: 0x14, checksum: 0x631d, should be
0xee26,[Reference: http://www.fortinet.com/ids/ID108658693]

...and allows this attempt to get through.


- Bryan K. Watson
- bwatson@...tracers.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ