[Full-Disclosure] Re: new internet explorer exploit (was new worm)

From: - - (erwinp21_at_hotmail.com)
Date: 03/30/04

    To: full-disclosure@lists.netsys.com
    Date: Tue, 30 Mar 2004 14:16:37 +0000
    
    

    Drew Coply wrote:
    >Yeah. It is a zero day worm, and it is very notable as such.

    >I can not recall a previous zero day worm. (AV is not my job, but I do
    >try and follow zero day.)

    >Hence, IE has birthed us the first zero day worm.

    On one hand this worm exploits unpatched vulnerabilities, but on the other
    hand these vulnerabilities were already known for some time, as shown in the
    references below.

    http://archives.neohapsis.com/archives/bugtraq/2003-12/0337.html
    http://archives.neohapsis.com/archives/bugtraq/2003-11/0307.html

    MS attempted to patch one of them, but as we all know they failed to do it
    properly. Still, I think this "worm" is nothing to get too excited about; it
    is nothing more than two known vulnerabilities combined. While I think MS
    should patch those vulnerabilities a.s.a.p., the word 0-day is a bit too
    strong for this "worm".

    Thor Larholm wrote:
    >K-OTiK posted about this in http://www.securityfocus.com/archive/1/354447
    >and we posted details of the Ibiza CHM exploit a few weeks before then on
    >the Unpatched mailing list ( http://unpatched.pivxlabs.com ).

    I assume you mean the brief analyses you posted earlier to the unpatched
    mailing list? (Sorry, no reference since the unpatched mail archive is
    currently down.) Have you discovered any new noteworthy information about the
    Bizex worm, since you were still researching the impact of the worm when you
    sent that earlier message to the list?

    Regards,

    Erwin

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

