[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <400147DB.25603.397C73FA@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: 3 new MS patches next week... but none fix 0x01!
"Exibar" <exibar@...lair.com> wrote:
> What's going on over at Microsoft anyway? They're releasing 3 new patches
> next week, but are planned to take care of the "0x01" vulnerability in IE.
^
|
As it is now clear that you meant to include the word "none" in
there...
> I'm one of Microsoft's defenders, and I'm starting to get a little
> confused and upset at what they're doing.
>
> Heck if 3rd parties can write a fix for the darned thing, why the heck
> can't Microsoft???? What are they thinking over there?
>
> oh, I guess they are waiting for a large client to get scammed by a scam
> e-mail and then wait for that client to complain. Money really does talk I
> guess.... it's a shame
OK -- is HSBC bank a large enough client of Microsoft's??
A few days ago (7 Jan) there was a huge spam run phishing for HSBC
customer details. That spam used a version of the URL spoofing trick
based on a long string of percent-zero-one URL-encoded chars (you have
to be careful with writing that literally now as several spam filters
and some virus scanner's heuristics specifically look for those
strings, literal 0x00, 0x01 and similar characters and various other
forms of encoding of them that are valid in HTML, etc...). Anyway,
back to the HSBC spam -- I've seen a report of a single filter
intercepting close to 150,000 of those messages and several other
informal reports of "large numbers" of other spam employing these URL
obscuring tricks (though the HSBC one is the only one using it I've
noticed arriving in my personal Email).
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
Powered by blists - more mailing lists