[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200212130246.gBD2kXM96976@cgisecurity.net>
From: bugtraq at cgisecurity.net (zeno)
Subject: How often are IE security holes exploited?
More often then you think. Some of those porn sites that autodownload/install/execute
code that call up a number in <insert-random-country> for internet access (which you aren't
aware of) use tricks like this. I have a feeling spammers will flock in the future (well more will)
to using browser holes to help further spread ads,etc..
Two practicle examples.
- zeno@...security.com
>
> Richard M. Smith wrote:
> > Has anyone ever looked into how often security holes in Internet
> > Explorer are actually used in viruses, worms, Trojan horses, and other
> > malware? My sense is that very few of them are actually used in the
> > wild.
>
> Define "how often". It's either every day, or somewhere around 1 in 30
> vulnerabilities. :)
>
> > The KaK and Klez worms both use IE security holes to do their
> > dirty work, but most other Windows viruses seem to rely on social
> > engineering and standard features of Microsoft products.
> >
> > If folks know of other malware that make use of IE security holes,
> > please let me know. I'm putting together a little list.
>
> Nimda. There must be a few more as well. I still constantly get email
> that tries to use various IE exploits, and I don't believe they're all
> Nimda, Kak, and Klez.
>
> BB
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
Powered by blists - more mailing lists