Re: Spyware/adware and Internet Explorer

From: Frode (news_at_mascot.REMOVETOREPLY.dyndns.org)
Date: 02/03/04


Date: Tue, 03 Feb 2004 19:35:17 +0100


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Steven Burn wrote:
>Here's a quick javascript example for you (note: I am not a "seasoned"
>java developer, so the following is pseudo code only).

Appreciate the effort but that doesn't do much for me when it comes to
proving it would actually work. If Mozilla allows any script to execute any
local executable (with parameters) that would indeed be very nasty, but
until I see it I'm inclined to believe it's not that easy.

>Some light research for you.........
>http://www.google.co.uk/search?q=browser+exploit&hl=en&lr=&ie=UTF-8&oe=UTF-
>8 &start=20&sa=N

So what you're saying is that exploits that enable covert installation via
any other browser than IE are very hard to find. So hard that to prove they
exist you suggest a search where the first page of hits consist of mainly
IE exploits, an Opera DOS, and some "might make it possible for website to
retrieve user's bookmarks" like items.

How can you be so positive they exist. It seems you've never seen one
either?

>Some light reading for you (hope you have a few hours)

I do. But not for learning a new language in order to try to figure out a
way to exploit non-IE browsers to deliver/execute malware.

>http://www.hack3r.com/index.cfm?sec=programming&page=4
>http://www.hack3r.com/index.cfm?sec=texts&page=1
>
>The website's I mentioned WILL NOT list them as exploits simply because
>they are exploits (I'd have thought that was common knowledge).

Again more generic stuff. Nothing specific. There's a major difference
between "can possibly be used to compromise" and a proof of concept piece
of code doing it. You don't supply either.

Look at it from my point of view. I've never ran across any malware
blasting through any other browser than IE. You claim there's plenty of
them yet cannot show a single example of delivering and executing a payload
without user approval. That leads me to the rather logical conclusion that
if they exist, they are apparently not proliferating in the wild.

That it's possible to create, if you master an appropriate scripting
language and make the effort, I don't doubt for a second. But that was
hardly the point.

- --
Frode

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQB/pxuXlGBWTt1afEQL8OwCfdGD8iTkb0Vj9Qfv/M0QSdrxR4dMAn0sV
yaVtz6sByaTb/V7FgfUFgmal
=JaaI
-----END PGP SIGNATURE-----



Relevant Pages

  • Re: Spyware/adware and Internet Explorer
    ... so the following is pseudo code only). ... If Mozilla allows any script to execute any ... any other browser than IE are very hard to find. ... way to exploit non-IE browsers to deliver/execute malware. ...
    (alt.computer.security)
  • Re: Malware Triangle
    ... Ok, the capable browser says "Ooh look, a script tag! ... > ability to act as a container for non-html content, ... > that conglomeration is an html document, ... > execute the additional content contained within html documents they ...
    (alt.computer.security)
  • Re: Function execution before page reload
    ... if ){printf("Can't connect to MySQL Server. ... browser. ... Interaction between PHP and the browser is one-way - the PHP ... > In the short example above does the script execute the function BEFORE ...
    (comp.lang.php)
  • Re: Function execution before page reload
    ... browser. ... Interaction between PHP and the browser is one-way - the PHP ... > In the short example above does the script execute the function BEFORE ... The server receives information from the browser and sends html back to the ...
    (comp.lang.php)
  • Re: C++ Program
    ... > applet and let the Java applet execute the C++ program? ... > be run in a browser. ... I already have a website and a web host. ...
    (microsoft.public.frontpage.programming)