Message-ID: <3F4D46A3.29192.9A62C5E1@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: ADODB.Stream object
jelmer <jkuperus@...net.nl> to me:
<<snip explanation of 3rd-party app dragging HTML content across the
"security zone barrier" unhindered>>
> I know this thought also crossed my mind, I also received some mail-borne
> viruses which used a similar scheme but one may argue that had the zip
> file contained a .vbs or .exe file, people would have opened it as well.
Sure, but there have been a few other self-mailing viruses that have
distributed themselves via .ZIP file attachments and the relative
success of Mimail in particular seems in no small part attributable to
the fact that "your average punter" is exceedingly unlikely to consider
an HTML file to be "suspicious" _in any context_.
This observation of the expected -- "predictable" even -- failing of
the human component in the "security chain" is what makes security
vulnerabilities, such as this latest one Jelmer has pointed out, much more
dangerous than the typical "Mitigating factors" BS in MS Security
Bulletins would have you believe. For those who haven't already
realized, nearly everything listed as "Mitigating factors" in MS
Security Bulletins related to HTML parsing/security zone/etc flaws in
IE/OE/OL are, in fact, simple pointers to easy things any half-clever
black-hat can obviously use to exploit the stupidity of several hundred
million "typical Windows users", and usually most or all of these
approaches will already have been outrageously successful (with other
similar vulnerabilities) in two, three or more existing self-mailing
viruses.
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854