RE: [Full-Disclosure] How big is the danger of IE?

From: Skander Ben Mansour (full-disclosure_at_benmansour.net)
Date: 07/08/04

    To: "'Yaakov Yehudi'" <maximumdisclosure@yahoo.com>, <FULL-DISCLOSURE@lists.netsys.com>
    Date: Thu, 8 Jul 2004 21:59:20 +0200
    
    

    Hi Bob,

    I believe the following was discussed in the recent news, as well as
    other security mailing lists, but in summary:

    The following link details compromised/malicious web servers infecting
    end-users by exploiting unpatched vulnerabilities in IE browsers:
    http://isc.sans.org/diary.php?date=2004-06-25
    The infection results in the installation of a keylogger, and various
    backdoors on end-users' computers, which definitely has an impact on
    privacy of business information.

    Excerpt:
    "A large number of web sites, some of them quite popular, were
    compromised earlier this week to distribute malicious code. The attacker
    uploaded a small file with javascript to infected web sites, and altered
    the web server configuration to append the script to all files served by
    the web server. The Storm Center and others are still investigating the
    method used to compromise the servers. Several server administrators
    reported that they were fully patched.

    If a user visited an infected site, the javascript delivered by the site
    would instruct the user's browser to download an executable from a
    Russian web site and install it. Different executables were observed.
    These trojan horse programs include keystroke loggers, proxy servers and
    other back doors providing full access to the infected system.

    The javascript uses a so far unpatched vulnerability in MSIE to download
    and execute the code. No warning will be displayed. The user does not
    have to click on any links. Just visiting an infected site will trigger
    the exploit."

    More generally, and partly because of its widespread use today, IE is a
    main target of malware developers. While other browsers are not immune
    to security flaws, switching to another browser may significantly reduce
    the likelihood of a browser flaw being exploited.

    CERT recently recommended using a different web browser:
    http://www.theregister.co.uk/2004/06/28/cert_ditch_explorer/
    http://www.us-cert.gov/current/current_activity.html#iis5
    "There are a number of significant vulnerabilities in technologies
    relating to the IE domain/zone security model, the DHTML object model,
    MIME type determination, and ActiveX. It is possible to reduce exposure
    to these vulnerabilities by using a different web browser, especially
    when browsing untrusted sites. Such a decision may, however, reduce the
    functionality of sites that require IE-specific features such as DHTML,
    VBScript, and ActiveX. Note that using a different web browser will not
    remove IE from a Windows system, and other programs may invoke IE, the
    WebBrowser ActiveX control, or the HTML rendering engine (MSHTML)."

    I hope this helps.

    Best Regards,

    Skander Ben Mansour

    -----Original Message-----
    From: full-disclosure-admin@lists.netsys.com
    [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Yaakov
    Yehudi
    Sent: Thursday, July 08, 2004 7:59 AM
    To: FULL-DISCLOSURE@lists.netsys.com
    Subject: [Full-Disclosure] How big is the danger of IE?

    I would be interested to hear just how big the danger
    of IE is.
    How could it affect the privacy of big business, or
    any business for that matter?

    Or what about the Government - could information leak
    from government employees' computers? They do
    something to stop that, right?

    Bob Palliser

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
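
    The quoted diary entry says the attacker changed the web server configuration so that a script was appended to every file served. A defender's check for that pattern, as an added example that is not part of the original message or the ISC diary (function names, paths and the sample footer are hypothetical): compare what the server actually returns with the deployed files and flag any identical trailer shared across unrelated files.

```python
from collections import defaultdict


def appended_trailer(on_disk: bytes, served: bytes) -> bytes:
    """Return bytes the server added after the on-disk content, else b""."""
    if len(served) > len(on_disk) and served.startswith(on_disk):
        return served[len(on_disk):]
    return b""


def find_injected_footers(on_disk: dict, served: dict, min_files: int = 2) -> dict:
    """Map each trailer seen on >= min_files paths to the sorted paths carrying it.

    One identical trailer across unrelated files points at the server
    configuration rather than at any single edited file.
    """
    by_trailer = defaultdict(list)
    for path, body in served.items():
        if path not in on_disk:
            continue
        trailer = appended_trailer(on_disk[path], body).strip()
        if trailer:
            by_trailer[trailer].append(path)
    return {t: sorted(p) for t, p in by_trailer.items() if len(p) >= min_files}


# Constructed sample data: files as deployed, and bodies a monitoring client received.
FOOTER = b'<script src="/placeholder-footer.js"></script>'
ON_DISK = {
    "/index.html": b"<html><body>Home</body></html>",
    "/about.html": b"<html><body>About</body></html>",
    "/style.css": b"body { margin: 0 }",
    "/news.html": b"<html><body>News</body></html>",
}
SERVED = {
    "/index.html": ON_DISK["/index.html"] + b"\n" + FOOTER,
    "/about.html": ON_DISK["/about.html"] + b"\n" + FOOTER,
    "/style.css": ON_DISK["/style.css"] + b"\n" + FOOTER,
    "/news.html": ON_DISK["/news.html"],  # served unchanged
}

if __name__ == "__main__":
    for trailer, paths in find_injected_footers(ON_DISK, SERVED).items():
        print(f"{len(paths)} files share appended trailer {trailer!r}: {paths}")
```

    File-integrity checks on the document root alone would miss this case, because the files on disk are unmodified; the comparison has to be made against the served response.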