Re: Spyware/adware and Internet Explorer

From: Frode (
Date: 02/03/04

Date: Tue, 03 Feb 2004 19:35:17 +0100

Hash: SHA1

Steven Burn wrote:
>Here's a quick javascript example for you (note: I am not a "seasoned"
>java developer, so the following is pseudo code only).

Appreciate the effort but that doesn't do much for me when it comes to
proving it would actually work. If Mozilla allows any script to execute any
local executable (with parameters) that would indeed be very nasty, but
until I see it I'm inclined to believe it's not that easy.

>Some light research for you.........
>8 &start=20&sa=N

So what you're saying is that exploits that enable covert installation via
any other browser than IE are very hard to find. So hard that to prove they
exist you suggest a search where the first page of hits consist of mainly
IE exploits, an Opera DOS, and some "might make it possible for website to
retrieve user's bookmarks" like items.

How can you be so positive they exist. It seems you've never seen one

>Some light reading for you (hope you have a few hours)

I do. But not for learning a new language in order to try to figure out a
way to exploit non-IE browsers to deliver/execute malware.

>The website's I mentioned WILL NOT list them as exploits simply because
>they are exploits (I'd have thought that was common knowledge).

Again more generic stuff. Nothing specific. There's a major difference
between "can possibly be used to compromise" and a proof of concept piece
of code doing it. You don't supply either.

Look at it from my point of view. I've never ran across any malware
blasting through any other browser than IE. You claim there's plenty of
them yet cannot show a single example of delivering and executing a payload
without user approval. That leads me to the rather logical conclusion that
if they exist, they are apparently not proliferating in the wild.

That it's possible to create, if you master an appropriate scripting
language and make the effort, I don't doubt for a second. But that was
hardly the point.

- --

Version: PGP 8.0.3