Author Topic: virii #70,102 or something  (Read 856 times)

avello500

  • Member
  • **
  • Posts: 344
  • Kudos: 0
    • http://www.suicidaltendencies.com/
virii #70,102 or something
« on: 23 August 2003, 14:12 »
http://www.eweek.com/article2/0,3959,1227034,00.asp


 
quote:
The more dangerous of the two vulnerabilities results from IE's failure to properly check the object type that is returned from a Web server. It doesn't take much for an attacker to exploit this flaw; all that's needed is for a user on a vulnerable machine to visit an attacker's Web site. The attacker would be able to compromise the PC without the user doing anything but calling up the site.


and why wasnt this fixed sooner?
fucking tools
i would laugh if it wasnt so sad...
How can you say im crazy? You wouldnt know what crazy was if Charles Manson was eating Fruit Loops on your front porch.  -- mike muir/suicidal tendencies

ShawnD1

  • Member
  • **
  • Posts: 77
  • Kudos: 106
virii #70,102 or something
« Reply #1 on: 24 August 2003, 04:15 »
That's for IE users though. People who use IE almost deserve it lol.

bigsleep

  • Member
  • **
  • Posts: 105
  • Kudos: 0
virii #70,102 or something
« Reply #2 on: 24 August 2003, 05:42 »
Me: Hey! I tried to download one of your game maps, but Mozilla downloaded it as text - the map doesn't work.
Webmaster: Huh, that's odd, it works fine in IE. Why don't you just use IE?
Me: Why don't you just zip the files? Your server seems to handle zips OK. It doesn't know map files.
Webmaster: (no response, site still fucked up).
Me: (gave up complaining to webmasters that obviously use IE).

I've never tried to spread a virus this way, but I'd  imagine it's as easy as this code:
<object data="virus.js"></object>
where "virus.js" is actually an executable file. I'm not sure which file extensions work this way, I would suspect ".js" would work good since most servers send out ".js" as text/javascript and browsers like Mozilla might try to parse it (and fail, since it will be corrupted), but windows will (I assume) download it raw and see that it's a PE and try to execute it.
Like I said I don't know exactly how (or which extensions work), but I know it's quite easy to figure out.

BTW; I've gotton serveral of these new viruses and Mozilla can't open them at all. I tried to extract the virus from the eMail in order to check it in my virus scanner and get it's name, but it seems there's an error in the encoding. I even tried using WinRar, which I've used before this way. So it seems that OE/IE's error handling is what enables the virus to work at all.