[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] FW: Re: AIM Password theft



Hi Brent,

This is a recent known vuln. See [1] & [2]. AFAIK,
there is no patch from MS yet for this, though, there
is a workaround [3] that you can try at your own risk.

[1] http://www.securityfocus.com/archive/1/337285
[2] http://www.securityfocus.com/archive/1/337440
[3]
http://ip3e83566f.speed.planet.nl/hacked-by-chinese/5.htm
-> See section (3) on this page.

--
Best Regards,
S.G.Masood

Hyderabad,
India.
--



Brent Meshier Wrote:

Mark,
        The code you just sent looks familiar to a SPAM I
received
attempting to hijack users' e-gold accounts.  Out of
curiosity I
followed that link which loaded start.html (attached).
 What worries me
is that I'm running IE 6.0.2800.1106 with all the
latest patches from
Microsoft and this page (start.html) rewrote
wmplayer.exe on my local
drive without notice.  After closing the page, I found
two .exe files on
my desktop (which loaded from
http://doz.linux162.onway.net/eg/1.exe).
Is this a new unknown vulnerability?

Brent Meshier
Global Transport Logistics, Inc.
http://www.gtlogistics.com/
"Innovative Fulfillment Solutions

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html