lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200212130246.gBD2kXM96976@cgisecurity.net>
From: bugtraq at cgisecurity.net (zeno)
Subject: How often are IE security holes exploited?

More often then you think. Some of those porn sites that autodownload/install/execute
code that call up a number in <insert-random-country> for internet access (which you aren't
aware of) use tricks like this. I have a feeling spammers will flock in the future (well more will)
to using browser holes to help further spread ads,etc..

Two practicle examples.


- zeno@...security.com




> 
> Richard M. Smith wrote:
> > Has anyone ever looked into how often security holes in Internet
> > Explorer are actually used in viruses, worms, Trojan horses, and other
> > malware?  My sense is that very few of them are actually used in the
> > wild.  
> 
> Define "how often".  It's either every day, or somewhere around 1 in 30 
> vulnerabilities. :)
> 
> > The KaK and Klez worms both use IE security holes to do their
> > dirty work, but most other Windows viruses seem to rely on social
> > engineering and standard features of Microsoft products.
> > 
> > If folks know of other malware that make use of IE security holes,
> > please let me know.  I'm putting together a little list.
> 
> Nimda.  There must be a few more as well.  I still constantly get email 
> that tries to use various IE exploits, and I don't believe they're all 
> Nimda, Kak, and Klez.
> 
> 					BB
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ