Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: How big is the danger of IE?
From: "Skander Ben Mansour" <full-disclosure () benmansour net>
Date: Thu, 8 Jul 2004 21:59:20 +0200

Hi Bob,

I believe the following was discussed in the recent news, as well as
other security mailing lists, but in summary:

The following link details compromised/malicious web servers infecting
end-users by exploiting unpatched vulnerabilities in IE browsers:
http://isc.sans.org/diary.php?date=2004-06-25
The infection results in the installation of a keylogger, and various
backdoors on end-users computers, which definitely has an impact on
privacy of business information.

Excerpt:
"A large number of web sites, some of them quite popular, were
compromised earlier this week to distribute malicious code. The attacker
uploaded a small file with javascript to infected web sites, and altered
the web server configuration to append the script to all files served by
the web server. The Storm Center and others are still investigating the
method used to compromise the servers. Several server administrators
reported that they were fully patched. 

If a user visited an infected site, the javascript delivered by the site
would instruct the user's browser to download an executable from a
Russian web site and install it. Different executables were observed.
These trojan horse programs include keystroke loggers, proxy servers and
other back doors providing full access to the infected system. 

The javascript uses a so far unpatched vulnerability in MSIE to download
and execute the code. No warning will be displayed. The user does not
have to click on any links. Just visiting an infected site will trigger
the exploit."


More generally, and partly because of its wide-spread use today, IE is a
main target of malware developers. While other browsers are not immune
to security flaws, switching to another browser may significantly reduce
the likelihood of a browser flaw being exploited.

CERT recently recommended using a different web browser:
http://www.theregister.co.uk/2004/06/28/cert_ditch_explorer/
http://www.us-cert.gov/current/current_activity.html#iis5
"There are a number of significant vulnerabilities in technologies
relating to the IE domain/zone security model, the DHTML object model,
MIME type determination, and ActiveX. It is possible to reduce exposure
to these vulnerabilities by using a different web browser, especially
when browsing untrusted sites. Such a decision may, however, reduce the
functionality of sites that require IE-specific features such as DHTML,
VBScript, and ActiveX. Note that using a different web browser will not
remove IE from a Windows system, and other programs may invoke IE, the
WebBrowser ActiveX control, or the HTML rendering engine (MSHTML). "

I hope this helps.

Best Regards,

Skander Ben Mansour



-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Yaakov
Yehudi
Sent: Thursday, July 08, 2004 7:59 AM
To: FULL-DISCLOSURE () lists netsys com
Subject: [Full-disclosure] How big is the danger of IE?


I would be interested to hear just how big the danger
of IE is.  
How could it affect the privacy of big business?, or
any business for that matter?  

or what about the Government - could information leak
from govenrment employees computers?  They do
something to stop that right?

Bob Palliser


                
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]