Zero Day IE Exploit

Discussion in 'other anti-virus software' started by Mannaggia, Mar 20, 2006.

Thread Status:
Not open for further replies.
  1. Mannaggia

    Mannaggia Registered Member

    Joined:
    Aug 14, 2003
    Posts:
    234
    Location:
    Northern California
  2. Mannaggia

    Mannaggia Registered Member

    Joined:
    Aug 14, 2003
    Posts:
    234
    Location:
    Northern California

    Well I just got back from dslr and it seems that NAV doesn't stop IE from crashing either. Don't know about KAV.
     
  3. Ga1tar

    Ga1tar Registered Member

    Joined:
    Apr 11, 2004
    Posts:
    118
    Location:
    U.K
    Used Opera 9, Firefox and IE and KIS 6 cuts in straight away
     
  4. aka:snowman

    aka:snowman Former Poster

    Joined:
    May 14, 2004
    Posts:
    152
    Zero day exploit....huh!!!


    Just went to this website containing this zero day exploit......and guess what....NOTHING HAPPENED !!!!

    For info purposes.....the webpage contained a picture of a girl boxer.....at the bottom of the picture were the words :


    "Hello cruel world"


    this was using internet explorer


    seeya around
     
  5. aka:snowman

    aka:snowman Former Poster

    Joined:
    May 14, 2004
    Posts:
    152
    Ok, some extra info......

    went back several times to the "exploit website".........twice IE crashed...........did some tweaking..........and lo and behold..no more crashing..........BUT...............although the exploit no longer worked........it did install itself in the Temp folder thus setting off the anti virus which ID'ed it as a virus............it was cleaned.......and returned about one minute later.........this would be considered normal behavior under the circumstances........cleaning of the Temp folder solved that issue.......

    No, this is no zero day exploit.....in fact....most likely it's already in the wild...........very good chance of that.

    Most anti virus programs should clean this thing........however, if it's in the Temp folder that may need cleaning as well..........actually a simple cleaning of the Temp folder may get rid of the Bugger....just do the cleaning prior to shut-down
     
  6. Mannaggia

    Mannaggia Registered Member

    Joined:
    Aug 14, 2003
    Posts:
    234
    Location:
    Northern California
    I decided to install KAV 6 beta 297g just to see what would happen. The page opened, the picture of the girl was displayed. Then KAV popped up saying it detected a Trojan.JS.MBork.a. KAV won't even let me go back to that page.
     
  7. aka:snowman

    aka:snowman Former Poster

    Joined:
    May 14, 2004
    Posts:
    152
    Have tested this earlier in the day........even went as far as to install AVG free version.........which easily caught this so-called exploit..........yup, even the humble AVG free version caught this Bug............my other AV's caught it as well but wanted to see if the freeware AV's could do so as well.......but only had time to test AVG free........

    Am not so sure this could even be considered an AV issue.......it's not the use of an AV that is preventing the so-called exploit from crashing IE on my puters........the AV's simply offer a means of cleaning it up.....but that seems just as possible by cleaning the temp folders........just catching it is no big deal.....preventing it from working that's the deal.......and that was not at all difficult to succeed in doing.

    This is a good example of why a person should use layered security......and not just depend on AV or AT.........or to be forced to watch for patches..or updates.........

    oh well.....this will be my last post on this topic.........
     
  8. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Your last couple of posts are making me wonder if you even know what 'zero day' means.

    I agree. Even though in this example, you had to run out to a specific page to find it, and even then initially it didn't work hence leading to you tweaking it a lot to get it to work, and even then the only thing it did was to crash IE.....

    Yes, scary business indeed, I'm quaking in my boots and thanking God that I'm so layered :)
     
  9. Hard Rocker

    Hard Rocker Registered Member

    Joined:
    Jan 27, 2005
    Posts:
    258
    Location:
    Quebec, CANADA
    Devil's Advocate said :

    Yes, scary business indeed, I'm quaking in my boots and thanking God that I'm so layered :)

    :rolleyes: No argument from me on that note. :D
     
  10. beads

    beads Registered Member

    Joined:
    Jun 1, 2005
    Posts:
    49
    I found it interesting that the exploit wasn't exposed until just after the last MS patch day.

    No big deal. It's easy enough to defeat. So consider this a small speed bump in the road compared to some of the newer rootkits out there that are still not fully detected by the majority of the AV systems.

    - beads
     
  11. aka:snowman

    aka:snowman Former Poster

    Joined:
    May 14, 2004
    Posts:
    152
    Devil's Advocate


    After reading several of your posts around the Forum it has become more than obvious that in the area of actual computer security you are very near illiterate. You do, however, appear to have some knowledge of the workings of computers but fail in knowledge in the area of security.

    Naturally you are welcome to express your opinion just as anyone else can do..........personally your opinion holds no value with me.
     
  12. dog

    dog Guest

    Please let's keep the personal comments/attacks out of this thread. Rather than trying to belittle one another, wouldn't it be more positive to take the role of the teacher sharing your knowledge, which would help enlighten and benefit all. Posts like these hurt the community, possibly causing members to balk at sharing their knowledge/understanding/thoughts for fear of some kind of prosecution. This doesn't at all contribute to anyone's education - we are all at differing levels. Dispelling myths and challenging FUD are necessary, but it has to be done civilized with the right tact. Expanding everyone's knowledge will allow for more independent thought and less mindless sheep ... healthy debate is a good thing; expressing it like the above is not.

    Please try to make positive contributions that will foster learning.

    Thanks Kindly;

    Steve
     