[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20050130065006.6B73925C013@mail.nettracers.com>
From: lists-security at nettracers.com (lists-security@...tracers.com)
Subject: Is there a 0day vuln in this phisher's site?
Paul Kurczaba said :
"When I went to the page, McAfee VirusScan notified me of an script it
blocked on the page. The blocked script, a virus, was called
"JS/Stealus.gen". After some research, I found the script "exploit(s) an
Internet Explorer vulnerability resulting in Internet Explorer displaying
one location in the Address bar, but actually loading the content from a
different site." -http://vil.nai.com/vil/content/v_126246.htm "
I can see the attempted exploit from the site in my IE browser...but is
shows up in the wrong place on the screen so does not cover the URL bar.
Also my Fortinet firewall does NOT detect that JS/Stealus.gen ....but it did
give me this once when going to this site:
tcp_decoder: tcp_bad_checksum, len: 0x14, checksum: 0x631d, should be
0xee26,[Reference: http://www.fortinet.com/ids/ID108658693]
...and allows this attempt to get through.
- Bryan K. Watson
- bwatson@...tracers.com
Powered by blists - more mailing lists