a few points about my website link post

From: leon (leon@inyc.com)
Date: 03/08/02


From: "leon" <leon@inyc.com>
To: <security-basics@security-focus.com>
Date: Thu, 7 Mar 2002 21:56:16 -0500



Hi everyone,

I have gotten a lot of on list and off list mail about the link I
sent out.

I would like to clarify a few things. First it only appears to work
with XP, IE 6 and all patches installed. Other versions of win and
IE do not appear vulnerable.
2nd there is a question of whether or not this is a virus (as it
appears some anti-virus programs are flagging it and I am getting
much hate mail).

According to Trend Micro's site: "CIDEXPLOIT.B, CIDEXPLOIT
Description:
This malware uses an Internet Explorer exploit to execute program
files on the infected user's computer. Upon execution, it runs files
in its command list."

So basically it is being flagged as a virus when it is really not.
It does not replicate (something characteristic of viruses) nor does it
carry a malicious "payload". It is the same FUD that happens when you
run the sub 7 client and the anti virus program tells you it is a
Trojan when it is clearly not. The same with aim filter which it
classifies as a back door.

Finally I would like to touch on why I made the point about firewalls
not stopping it. This is not because I think firewalls should stop
the attack; I merely thought that because we have a lot of people who
are new to security they should be aware that having a firewall is
not enough.  Firewalls will not and cannot stop these types of
attacks (IDS might be another story).  I didn't mean to confuse anyone
or cloud any issues.  In closing I would like to say sorry to the
group if I upset anyone and reiterate a point that everyone should
know; if you don't trust something you find on a public mailing list
ignore it. I don't feel I was irresponsible in posting this. We
have seen Trojans posted to both bugtraq and vuln-dev (this of course
is not destructive as the code I am referring to was). It is a
classic case of the buyer (user?) beware.

So in summary this is a harmless proof of concept exploit that only
appears to affect XP with IE 6 and all patches.  Some anti virus
programs flag it as a virus when it is not harmful (just delete the
files from your IE cache if worried). And again I apologize for
upsetting anyone (if you only saw the hate mail). I am here to teach
and most importantly be taught.

Thanks again for the positive e-mail I received (you know who you
people are).

Regards,

Leon



