IE Exploit Attacks Another Piece of ActiveX

Discussion in 'other security issues & news' started by the mul, Jul 9, 2004.

Thread Status:
Not open for further replies.
  1. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,704
    Location:
    scotland
    Using Internet Explorer hasn't gotten any safer in the past few days as a Dutch security hacker, Jelmer Kuperus, pointed out yet another unblocked security problem in the popular Web browser.

    The latest exploit, an attack on a Windows ActiveX component called Shell.Application, is similar to the Download.Ject attack, also called JS.Scob.Trojan. In that exploit, crackers broke into IIS servers on several popular but still unnamed sites and used them to spread keyboard loggers, proxy servers and other malware through IE's ActiveX scripting technology.

    Indeed, attackers used the spyware technique of installing a pop-up ad program, except this one silently installed a Trojan and a BHO (Browser Help Object) designed to swipe login information from several dozen financial sites...

    http://www.eweek.com/article2/0,1759,1620825,00.asp?kc=EWMS102049TX1K0100487


    The MUL
     
    the mul, Jul 9, 2004
    #1
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...