IE Exploit Attacks Another Piece of ActiveX

Discussion in 'other security issues & news' started by the mul, Jul 9, 2004.

Thread Status:
Not open for further replies.
  1. the mul

    the mul Registered Member

    Jul 31, 2003
    Using Internet Explorer hasn't gotten any safer in the past few days as a Dutch security hacker, Jelmer Kuperus, pointed out yet another unblocked security problem in the popular Web browser.

    The latest exploit, an attack on a Windows ActiveX component called Shell.Application, is similar to the Download.Ject attack, also called JS.Scob.Trojan. In that exploit, crackers broke into IIS servers on several popular but still unnamed sites and used them to spread keyboard loggers, proxy servers and other malware through IE's ActiveX scripting technology.

    Indeed, attackers used the spyware technique of installing a pop-up ad program, except this one silently installed a Trojan and a BHO (Browser Help Object) designed to swipe login information from several dozen financial sites...,1759,1620825,00.asp?kc=EWMS102049TX1K0100487

    The MUL
Thread Status:
Not open for further replies.