Bugtraq: Re: idsearch.com and googleMS.DLL

[Gary Flynn <flynngn () jmu edu>]

Jelmer wrote:

> thats this issue :
>
> http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-09/0654.html
>
> Unfortunatly I imagine it's being used pretty heavily to install malware
> since I had some run ins with
> it myself just browsing some sites
For the past several weeks, I've seen several new web sites a
day attempting to exploit either the HTA or ADODB vulnerability to
execute code on visiting clients. Some are just messing with IE
favorites. Others are scraping email addresses and downloading
executables. Some of those executables are known malware, usually
remote control trojans, that are detected by AV software. Some are
not detected. I'd imagine that Carnegie Mellon's CERT, DShield, and
other central monitoring organizations would have more enlightening
statistics on the size of this problem.

--
Gary Flynn
Security Engineer - Technical Services
James Madison University