RE: [Full-Disclosure] Spyware installs with no interaction in IE on fully patched XP SP2 box

["Todd Towles" <toddtowles@xxxxxxxxxxxxxxx>]

Aren't their still cross-scripting problems with IE still? Plus I think
the Drag and Drop exploit is still unpatched? Comments anyone?

> -----Original Message-----
> From: full-disclosure-admin@xxxxxxxxxxxxxxxx 
> [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of 
> Harlan Carvey
> Sent: Sunday, October 03, 2004 2:37 PM
> To: full-disclosure@xxxxxxxxxxxxxxxx
> Cc: Joel R. Helgeson; Geraldo Rivera
> Subject: Re: [Full-Disclosure] Spyware installs with no 
> interaction in IE on fully patched XP SP2 box
> 
> 
> > > This machine is a fully patched XP SP2 box, with
> > the default security
> > > settings for IE's Internet Zone. Does anybody know
> > what method this crap
> > > could be using to install without any user
> > interaction?
> 
> It's a little hard to tell accurately without taking a look 
> at what you removed; ie, saying that you cleaned things out 
> of the Registry is great, but without knowing what keys you 
> "cleaned", it's hard to tell.
> 
> However, doing a quick search on Google for "atpartners", 
> some of the info I found points to BHOs...
> 
> Sorry, wish I could help more, but I'd need more info...
> 
> =====
> ------------------------------------------
> Harlan Carvey, CISSP
> "Windows Forensics and Incident Recovery"
> http://www.windows-ir.com
> http://groups.yahoo.com/group/windowsir/
> 
> "Meddle not in the affairs of dragons, for you are crunchy, 
> and good with ketchup."
> 
> "The simplicity of this game amuses me. 
> Bring me your finest meats and cheeses."
> ------------------------------------------
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html