Re: [Full-Disclosure] ADODB.Stream object

From: jelmer (jkuperus_at_planet.nl)
Date: 08/27/03

    To: nick@virus-l.demon.co.uk, full-disclosure@lists.netsys.com
    Date: Wed, 27 Aug 2003 11:44:18 +0200
    
    

    I am not big on viruses so I looked it up:

    ---
    Mindjail is a new variant of Backdoor.SdBot code that once activated
    installs a backdoor into infected systems. IRC channels are scanned by bots
    seeking users, who are then spammed with the following messages:
    1. "EEEEEEETHHHOOOM! MINDJAIL!! HE IS TRAPPED!! GET HIM OUT!"
    2. "Ever heard of a thing called mindjail? Check it"
    Both messages are followed by a link to a file called mindjail.zip. The zip
    file contains an HTML file, "mindjail.html", which executes JavaScript code on
    vulnerable systems.
    ---
    I know this thought also crossed my mind; I also received some mail-borne
    viruses which used a similar scheme, but one may argue that had the zip
    file contained a .vbs or .exe file, people would have opened it as well.
    ----- Original Message ----- 
    From: "Nick FitzGerald" <nick@virus-l.demon.co.uk>
    To: <full-disclosure@lists.netsys.com>
    Sent: Wednesday, August 27, 2003 4:20 AM
    Subject: Re: [Full-Disclosure] ADODB.Stream object
    > jelmer <jkuperus@planet.nl> wrote:
    >
    > <<snip interesting stuff>>
    > > I don't think it in itself can not be considered a security vulnerability
    > > as it only works when the file containing the code is present on a user's
    > > harddisk, though html files are generally considered trusted and you can
    > > probably trick some people into opening an html file by sending it to them
    > > through msn messenger or whatever.
    > > It can most likely be used to leverage other vulnerabilities, for instance
    > > many programs download information to predictable locations from where you
    > > might invoke it.
    >
    > I do not see this as much of an issue/problem for widespread
    > exploitation of this.  Recall the (modest) "success" of the MindJail
    > virus, and the ongoing success of Mijail (which is by far the most
    > prevalent mass-mailing virus this month if you ignore the Sobig.F
    > freak).   Both of these viruses exploited a "My Computer" zone-only IE
    > vulnerability, depending on the typical handling of files from inside
    > archives being placed into %TEMP% despite their source archives clearly
    > being handled in the TIF.  Of course, MS (and thus IE) cannot manage
    > third-party programs' handling of files passed out of IE's security
    > zones...
    >
    >
    > -- 
    > Nick FitzGerald
    > Computer Virus Consulting Ltd.
    > Ph/FAX: +64 3 3529854
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html