| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: sgmasood at yahoo.com (S G Masood) Subject: FW: Re: AIM Password theft Hi Brent, This is a recent known vuln. See [1] & [2]. AFAIK, there is no patch from MS yet for this, though, there is a workaround [3] that you can try at your own risk. [1] http://www.securityfocus.com/archive/1/337285 [2] http://www.securityfocus.com/archive/1/337440 [3] http://ip3e83566f.speed.planet.nl/hacked-by-chinese/5.htm -> See section (3) on this page. -- Best Regards, S.G.Masood Hyderabad, India. -- Brent Meshier Wrote: Mark, The code you just sent looks familiar to a SPAM I received attempting to hijack users' e-gold accounts. Out of curiosity I followed that link which loaded start.html (attached). What worries me is that I'm running IE 6.0.2800.1106 with all the latest patches from Microsoft and this page (start.html) rewrote wmplayer.exe on my local drive without notice. After closing the page, I found two .exe files on my desktop (which loaded from http://doz.linux162.onway.net/eg/1.exe). Is this a new unknown vulnerability? Brent Meshier Global Transport Logistics, Inc. http://www.gtlogistics.com/ "Innovative Fulfillment Solutions __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
Powered by blists - more mailing lists