ALERT: Internet Explorer Vulnerability

And because of that I understand this one is still getting through



VSantivirus no. 1158 Year 7, Monday 8 of September of 2003

Troj/JunkSurf.A. It infects with single seeing a HTML
http://www.vsantivirus.com/junksurf-a.htm

Name: Troj/JunkSurf.A
Type: Trojan horse
Alias: Win32.JunkSurf, Download.Aduent.Trojan, Downloader-ED, TROJ_JUNKSURF.A, VBS_JUNKSURF.A, TrojanDownloader.Win32.Small.aq, Win32/JunkSurf.A.Trojan, Win32/JunkSurf.A, Trojan.Aduent, Troj/JSurf-A, Adware-Surfbar
Date: 5/set/03
Platform: Windows 32-bit
Sizes: 6,657 bytes(exe), 508,000 bytes(dll), 1.536 bytes, 932 bytes

This Trojan horse uses itself the vulnerability deciphers in the bulletin of security Ms03-032 de Microsoft:
Vulnerability of object labels

Internet Explorer cannot correctly determine a type of object that gives back of a Web server an attacker could use this soft spot to execute arbitrary code in the system of a user.

If a usuary one visits the Web site of the attacker, this one could with no need take advantage of this vulnerability no other intervention from the user. An attacker also could design a message of electronic mail in format HTML to take advantage of this vulnerability.

More information:

Ms03-032 cumulative Update for IE (822925)
http://www.vsantivirus.com/vulms03-032.htm

 

Paul - can you please explain the following para. on the Secunia website .... What kind of web page? Am not too bright today.

WARNING:
If you are vulnerable, the Secunia website will execute Internet Explorer on your system and load a new web page.

 

It will then load this page...


http://www.secunia.com/MS03-032/TEST_OBJECT/test.html

 

Thanks for the update, will these HACKtiveX exploits never end?

 

I've been calling it that since the early days of IE with Win95 since their proprietary applets have been the source of many security exploits

If they didn't use HacktiveX, vbscripting, and even making new kinds of executables like .hta based on IE there wouldn't be as many exploits as there are today.

 

In our company (2500 clients) we disabled ActiveX for the internet sites zone in IE. You don't want to know how many professionally used sites use ActiveX. We've got to move those addresses to the trusted sites zone in IE. That's a lot of work...

I plan to make a black list

 

Hi John,

Nope, nothing to do : it does not use a *.hta but a*.exe
Mabybe the test server was down or overcrowed when you perform the test : first time I ran it it also failed.

The only way to prevent is by unactivating activeX in Internet zone. (or at least ask before execution to get a warning)

Nevertheless, it a good thing to use htastop

Rgds

 

Hi LowWaterMark,

So sorry for the missunderstanding

I came to the same conclusions as you did, I have activeX on prompt an use htastop too :-D

Bu my so and so English let me understand that your post said that preventing hta execution prevented the failure in IE.

So sorry, I am trying hard improving my English : some more years needed :-D

Best regards,

 

I don't know that much about computing yet. What is Active X ?? I'm on Win XP Home. How do I disable it ?

 

Hi Joe:

Start Menu > Control Panel > Internet Options > Click Security Tab > Select Custom Level. The first seven options pertain to Active X > Disable those you wish. (I disable all of them in the Internet Zone, but enable all in the trusted zone). When finished click OK and you'll be prompted if you really want to change the settings - click yes or OK. If you're already on-line in IE you can simply click Tools > Internet Options and you'll get to the same place to change your options.

Regards, Rick

 

Rick, before I disable these ... what is Active X used for ?

 

Bad things in general

 

Done. I feel better already !

Thanks for the info Rick.

 

ActiveX: for how much longer?

Joe,

ActiveX is used to run programs inside the IE browser.
ActiveX controls being executed on the users computer means that these programs can be exploited (abusing the ActiveX technology) by other malicious programs with a potentially destructive role.
For some websites to work properly you have to enable ActiveX. To do so you could add the sites where you want them to run to your trusted Sites, after disabling ActiveX for the Internet Zone.
Here are a few means to protect yourself from known abuse of ActiveX:
IE-Spyad
SpywareBlaster

HTH,

Pieter

 

Man! am I glad I found this site ! I'm a fairly new computerer, and I've been getting a little paranoid in the last few months ! I've already installed the Spyware Blaster.
Say, how will I know if a website needs the ActiveX enabled ??
I'm on Win XP Home. I have Norton Internet Sec., and I'm behind a Router/Firewall. I also have the Spybot Search and Destroy.

What else should I do, or have, to be a little safer ??

~ Joe www.woodsshop.com/

 

Hi Joe,

If a website needs ActiveX to work you will get a warning that the page can not be displayed properly.

If you really need it to work and you trust the site, then you can add it to your trusted sites.

A good place to start reading is here: http://www.wilders.org/
Just follow the lead from there.
If you have any questions, you know where to find us.

Regards,

Pieter

 

Hi Joe: There was a day when all you could do is just view a page on the web, now scripting and Active X make these pages interactive, like dancing balloons, nifty sparklers with ads and all that good (but exploitable) stuff. It’s typically necessary for playing games on the web, so you can interact with them. I often get the prompt Peiter mentioned and just click OK. Never had trouble viewing the page anyway to view the info I want, so if I miss a dancing balloon, in light of these risks it’s fine by me. I also disable File Downloads, that way if I hit tricked link, it won’t be able to download the first place. If I expect to download something I’m only a couple of clicks away from enabling it.

Over time you get a feel for what sites to put in your trusted zone. Since my regular zone is so restricted when I search around, if a site can’t give me want I want unless I expose these vulnerabilities, I just move to another source that can. Follow the links and other good advice these guys offer. I’ve never bad a single exploit/virus/trojan as a result. Among other things, don’t forget to follow good e-mail protocol, since e-mail represents the most prolific threat of all today (just be sure to view mail in plain text and be ultra leery of attachments). Anyway, gaining control of these security settings puts you far ahead of the game and most added security programs too. Later, Rick.