MSIE VML exploited

Discussion in 'NOD32 version 2 Forum' started by duijv023, Sep 23, 2006.

Thread Status:
Not open for further replies.
  1. duijv023

    duijv023 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    230
    Location:
    Rijnsburg, Netherlands
    Does NOD32 - v.1.1770 (20060923) already contain any kind of protection against this?

    (Of course I do not say you can use IE better than alternatives like Firefox :D )

    grtz
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    Version=1.1769 (20060923)
    BAT/StartDcom.A, BAT/TGF, Bat2Exec.Stella.B, HTML/Exploit.VMLFill (3), IRC/SdBot (6), JS/TrojanDownloader.Agent.NAA, Win32/Adware.404Search, Win32/Adware.Agent.AM (5), Win32/Bifrose.AAF, Win32/Bifrose.AAG, Win32/Brontok.CH, Win32/Exploit.Agent.AE, Win32/Hupigon (6), Win32/Hupigon.CFZ, Win32/Liondoor, Win32/NoonLight.Q (2), Win32/Prorat.FM, Win32/PSW.Agent.NAP (2), Win32/PSW.Agent.NAQ (2), Win32/PSW.Delf.NBK (3), Win32/PSW.Delf.NBL (4), Win32/PSW.LdPinch.AXQ (2), Win32/PSW.LdPinch.NCB (3), Win32/PSW.Legendmir, Win32/PSW.Legendmir.BBN (2), Win32/PSW.Lineage.AJP (2), Win32/PSW.QQPass.IW, Win32/PSW.Small.BS, Win32/Rbot (5), Win32/Small.JL (2), Win32/Spy.Bancos.U (2), Win32/Spy.Banker.ANV, Win32/Spy.BZub.NAO (3), Win32/Spy.BZub.NAP (2), Win32/Spy.Delf.NDH (2), Win32/Spy.Goldun.MS (4), Win32/Spy.Goldun.NAJ (3), Win32/TrojanDownloader.Adload.FR, Win32/TrojanDownloader.Banload.NIW (2), Win32/TrojanDownloader.Delf.AYE (2), Win32/TrojanDownloader.Delf.NNO, Win32/TrojanDownloader.Delf.O G, Win32/TrojanDownloader.Oleloa, Win32/TrojanDownloader.Oleloa.E (2), Win32/TrojanDownloader.Small.AWA, Win32/TrojanDownloader.Small.DIB, Win32/TrojanDownloader.Small.NOX, Win32/TrojanDownloader.Small.NOZ (2), Win32/TrojanDownloader.Small.NPA (2), Win32/TrojanDownloader.Zlob.ADA (3), Win32/TrojanDownloader.Zlob.ADB (2), Win32/TrojanDownloader.Zlob.ADC (3), Win32/TrojanDownloader.Zlob.ADS (4), Win32/TrojanDropper.Mudrop.V, Win32/TrojanDropper.MultiJoiner.CK, Win32/VB.AMD (2), Win32/VB.AXZ, Win32/Viking.AE (2), Win32/Viking.AK (3), Win32/Viking.AO, Win32/Viking.AP, Win32/Viking.AR, Win32/Viking.NAM, Win32/WinterLove.AV (2), Win32/Zapchast (2)
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,798
    Location:
    Texas
  4. duijv023

    duijv023 Registered Member

    thnx guys,

    i think i'm gonna grab a beer now :D

    i can encourage you to do the same....... cheers!
     
  5. Marcos

    Marcos Eset Staff Account

    I'd like to add that you should be protected against all future variants - we have improved generic detection and released 2 updates shortly after each other.
     
  6. duijv023

    duijv023 Registered Member

    yes, I saw 1770 coming in, and on the eset site 1771 announced already.
    this is nice!

    btw my beer tastes very good ;-)

    greetings from holland
     
  7. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    duijv023, when you want to search for something in the NOD32 updates database you may use the nod32sse.com website. ;)
     
  8. duijv023

    duijv023 Registered Member

    thanks,
    i didn't know that site, nice info!
    :)
     
  9. pykko

    pykko Registered Member

    It has been in my signature for a long time. :D
     
  10. Kniht

    Kniht Registered Member

    Joined:
    Jan 20, 2006
    Posts:
    20
    NOD32 doing its job

    Went to the Zert website to download a temporary patch for the buffer overflow in the VML library used by Microsoft IE and Outlook (until MS releases the official patch in October).

    While at this site http://isotf.org/zert/download.htm I decided to click on the link that tests the temporary emergency patch. It states an unpatched IE will crash when the link is clicked. I clicked on this link with IE unpatched and IMON immediately popped up with a message box stating it had detected some nasty files and denied me access to the site.

    Way to go NOD32!
     
  11. Marcos

    Marcos Eset Staff Account

    Re: NOD32 doing its job

    Don't worry, you are fully protected. A couple of hours ago, I ran into an exploit variant detected only by NOD32 and the guys from the lab confirmed it was not a false positive.
     
  12. ASpace

    ASpace Guest

    Just to inform you, Microsoft already released an official patch for this, available for all genuine MS users on http://windowsupdate.microsoft.com

    It needs no restarting, though :)

    Excellent job, ESET!
     
  13. pykko

    pykko Registered Member

    They were faster this time. Thx for the info, HiTech boy
     
  14. ASpace

    ASpace Guest

    No problems! :D
     