Zero Day IE Exploit?

Discussion in 'NOD32 version 2 Forum' started by Mannaggia, Mar 20, 2006.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    IE 6 with NIS, multiple attemps, IE crashes each time, no warning from NIS.
    Firefox ok.
     
  2. the_sly_dog

    the_sly_dog Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    297
    Location:
    The Heart Of London
    woohooo
    tried it with firefox no crash :D :D :D :D :D :D
     
  3. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Well, come on guys, why are you still using IE.... switch on FF or Opera and your life will change. :D
     
  4. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,506
    Location:
    The San Joaquin Valley, California
    I don't want to start any verbal wars, but I do have a question. With this Exploit, how come KAV notifies that it is a trojan and also NAV, but no notification from NOD. I use NAV 2006 and although the page wouldn't open, NAV said it was a trojan. Can the NOD people please explain. Wouldn't NOD's heuristics catch it if it's a Zero day exploit? Not an expert when it comes to NOD, or exploits/trojans, so just asking. :)
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan

    EDIT: I think probably my NIS may not be fully updated as some people are posting that NAV caught it.
     
  6. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,174
    Location:
    Denmark
    I hear you brother, IE is for suckers (bla bla we make it secure bla bla).
    Since it's in the OS, you can blargh and blah and still get no effect.. But I guess you knew that already? :D
     
  7. Kielty

    Kielty Registered Member

    Joined:
    May 3, 2005
    Posts:
    140
    Location:
    The Emerald Isle
    No problems with IE7 beta 2, NOD32 and Ewido (resident). All is as it should be...
     
  8. beenthereb4

    beenthereb4 Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    568
  9. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
  10. stnien

    stnien Registered Member

    Joined:
    Dec 15, 2005
    Posts:
    34
  11. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,910
    Location:
    USA
  12. Cybermax

    Cybermax Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2
    Just gave it a whirl in a test environment (VMWare.. hehe) with Nod32, and the IE crashes instantly.. then i redid it with Symantec Antivirus 10.0.. and IE showed the picture, and i got a nice warning from SAV about a threat..

    So.. what to say about that? Not only do i have serious problems on my x64 XP, but it also detects heuristics worse than Symantec AV.. What in the world have happened to NOD??

    That.. kinda.. is BAD :(
     
  13. stnien

    stnien Registered Member

    Joined:
    Dec 15, 2005
    Posts:
    34
    oh, my god. IE still crash with nod32 v1.1460. :mad:
    some anti-virus softwares can detect it, but why nod32 can't ?! o_O
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
  15. duijv023

    duijv023 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    230
    Location:
    Rijnsburg, Netherlands
    WHY WHY WHY WHY

    Do you all want to test unreliable linkso_O??

    Just use firefox instead, AND disable active scripting and stay away from th dark sites if the web?

    Is that so hardo_O? And when something crashes, then NOD can be blamed for not respondingo_O
    I don't think so. I think the user him/herself has to surf in a responsible way, and use his or hers brains to do what they're for: THINKING!

    Excuse me for being a little bit rude.
    It is not my intension to hurt anybody, but I hope you all wil wake up!!
     
  16. Jaska

    Jaska Registered Member

    Joined:
    May 7, 2004
    Posts:
    98
    Somebody must test these things and the folks here know what they are doing.
    The problem is not the "bad" sites but the "good" sites where these exploits can be planted.
    It IS very strange why ESET does not get the fix for this. Maybe it is not so widespread problem but it is spreding bad word about Nod32.
     
  17. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    As long as NOD detects the malware coming in through the exploits, I see no reason why NOD should add detection. :)
     
  18. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,072
    Location:
    Texas
    Nod protects against this exploit. Link
     
  19. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    Thanks Ronjor! :)

    Cool offer BTW, free version of NOD32 untill the exploit is patched! :thumb:
     
  20. Jaska

    Jaska Registered Member

    Joined:
    May 7, 2004
    Posts:
    98
    But it is detecting these? If it does not detect the exploit which crashes IE how can it detect something else related to this exploit?
     
  21. stnien

    stnien Registered Member

    Joined:
    Dec 15, 2005
    Posts:
    34
    I know most of users in this forum are NOD32's supporter and we all like to use NOD32. But accordig to this problem, the fact is that NOD32 can't protect us and avoid our IE crash. But Kaspersky and Symantec did it!! :(

    PS: It doesn't matter with IE or Firefox.
     
  22. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Did you not read Ronjor's link? NOD32 has protected since March 24. Kaspersky and Bit Defender have protected since the 18th for KAV and the 19th or 20th for BD.(I know BD was protecting on the 2oth when I upgraded IEbeta1 to beta2 and BD still thought, and thinks to this day, that I have the trojan in my IE TIF. It alerts about ten times a day. Of course, I have emptied the TIF many times). Anyhow, Eset is giving NOD32 free to anyone wanting it for protection. It will deactivate after MS issues the patch on the second Tuesday of April. I think that is a great offer as many of the AV vendors still don't detect it and it is a long time until the second Tuesday of April. Not everyone wants to either use Fx until then or install IE7b2 which is immune.
     
  23. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    in the article that ronjor linked to it says:

    NOD32 identifies the infiltration as “JS/Exploit.CVE-2006-1359 trojan“ from 1.1457 virus signature database version.

    and the 1.1457 update was released on 24th march. i haven't gone to the infected page myself so can't say what happens.

    lee
     
  24. TradeMark

    TradeMark Registered Member

    Joined:
    Mar 19, 2006
    Posts:
    65
    and of course nod32 is detecting it.
     
  25. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    I'm not sure, but my understanding ws that this exploit was used as a "dropper" to install malware?

    If I make a mistake here, please correct me people :ninja:
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.