
KyeU

join:2003-12-31
Canada

reply to redxii

Re: Windows MetaFiles still vulnerable

Beehappyy uses 4 methods to infect the user.

1. Loads free.anr through "{CURSOR: url("free.anr")}", which downloads xxx.exe to the C:\ Drive

2. Loads an IFRAME with the .WMF exploit.

3. Loads a tiny Java applet, "BlackBox.class", which modifies the Windows permissions, I think.

4. Uses the Windows CHM Help File exploit.


jbob
Reach Out and Touch Someone
Premium
join:2004-04-26
Little Rock, AR

So I'm assuming this server tries all 4, but in sticking within the thread, option 2 is the one we are concerned about now. This is the IFRAME/WMF exploit. Or is it a combination of all four?
I'm still waiting to see just what the attack vector is.

As was reported earlier, unless something has changed, the exploit attempts an FTP session to download the xxx.exe file.


KyeU

join:2003-12-31
Canada

The other 3 methods are standard drive-by methods that have existed for a while now.

The new one is the WMF file exploit.

