Open Source and information security mailing list archives
 
Message-ID: <BAY23-F33SfWXWzRPTN0000e93e@hotmail.com>
From: iamafraud at hotmail.com (Geraldo Rivera)
Subject: Spyware installs with no interaction in IE on fully patched XP SP2 box

Last night I went to a site that I have been to on and off for years. The 
page loaded and then in IE's status bar I saw something suspicious: 
"installing components...atpartners.cab". I could not close out of IE, and I 
could not kill the iexplorer.exe process. It totally locked up and I had to 
reboot my machine. When my machine came back up, I had at least 6 different 
pieces of spyware/adware on my machine. It took me almost 2 hrs to clean up. 
I manually deleted a bunch of crap (stuff I had found through the run key in 
the registry, suspicious processes running, suspicious files in the usual 
dir's, and by searching for all files modified at the time this happened). 
Even after all that, Ad-Aware found 143 entries (none were cookies, mostly 
registry entries and a few dll's) and then Spybot found an additional 2 
registry entries.

This machine is a fully patched XP SP2 box, with the default security 
settings for IE's Internet Zone. Does anybody know what method this crap 
could be using to install without any user interaction?


