Full Disclosure: RE: MSN Webcam / Chat Spoof

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

RE: MSN Webcam / Chat Spoof

From: Daniel Dočekal <daniel () pooh cz>
Date: Mon, 12 May 2003 08:08:22 +0200

Browser Plugin is ADULT DIALER - it connects via modem to telephone
service and you pay your sexy adventure through your telephone bill. In
many cases, there are adult dialers committing fraud - they redirect
your dial-up internet connection to very expensive number without your
knowledge. 

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Richard M.
Smith
Sent: Monday, May 12, 2003 3:40 AM
To: full-disclosure () lists netsys com; secure () microsoft com
Subject: RE: [Full-disclosure] MSN Webcam / Chat Spoof


You missed the good part.  If you actually go to the "MSN" Web site and
press the "Connect Now" button, the site tries to download some
questionable ActiveX control.  Not to worry however:
 
   Just press YES in the dialog box when it appears. This operation is
totally safe and certified by Microsoft AuthenticodeT
 
The control is signed by "Browser Plugin".  I guess Thawte will give
anyone an Authenticode certificate nowadays.  I wonder who "Browser
Plugin" really is?

By Date By Thread

Current thread:

MSN Webcam / Chat Spoof morning_wood (May 11)
- RE: MSN Webcam / Chat Spoof Richard M. Smith (May 11)
- <Possible follow-ups>
- RE: MSN Webcam / Chat Spoof Daniel Dočekal (May 11)
  - RE: MSN Webcam / Chat Spoof Richard M. Smith (May 12)
    - RE: MSN Webcam / Chat Spoof Daniel Dočekal (May 12)
    - RE: MSN Webcam / Chat Spoof Richard M. Smith (May 12)
    - Re: MSN Webcam / Chat Spoof Valdis . Kletnieks (May 12)
    - RE: MSN Webcam / Chat Spoof Richard M. Smith (May 12)