Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Spyware installs with no interaction in IE on fully patched XP SP2 box
From: GuidoZ <uberguidoz () gmail com>
Date: Sun, 3 Oct 2004 12:29:09 -0700

What's the website address? Most likely looking at the html/scripting
would be the easiest way to find the answer.

Peace. ~G

On Sun, 03 Oct 2004 14:16:40 -0400, Geraldo Rivera
<iamafraud () hotmail com> wrote:
Last night I went to a site that I have been to on and off for years. The
page loaded and then in IE's status bar I saw something suspicious:
"installing components...atpartners.cab". I could not close out of IE, and I
could not kill the iexplorer.exe process. It totally locked up and I had to
reboot my machine. When my machine came back up, I had at least 6 different
pieces of spyware/adware on my machine. IT took me almost 2 hrs to clean up.
I manually deleted a bunch of crap (stuff I had found through the run key in
the registry, suspicious processes running, suspicious files in the usual
dir's, and by searching for all files modified at the time this happened).
Even after all that, Ad-Aware found 143 entries (none were cookies, mostly
registry entries and a few dll's) and then Spybot found an additional 2
registry entries.

This machine is a fully patched XP SP2 box, with the default security
settings for IE's Internet Zone. Does anybody know what method this crap
could be using to install without any user interaction?

Express yourself instantly with MSN Messenger! Download today - it's FREE!

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]