
mysec
Premium
join:2005-11-29
kudos:4

reply to VikingBob

Same old type of IE exploit

Like most IE exploits, the payload in this case is a trojan executable:

IExplorer 0day CVE-2010-0249 – Exploit-Comele / Hydraq / Aurora
»extraexploit.blogspot.com/2010/0···249.html
The following shown the point of code where it’s used the urlmon.dll method to download the binary “ad.jpg” :

(My bolding) He refers to a screenshot of the exploit code showing urlmon.dll. This method has been used in countless IE vulnerabilities.

This is not to downplay the severity of an unpatched exploit, but just to show that those security-minded people who keep on top of things would never succumb to an exploit that attempts to download/install a trojan executable.

REFERENCE

»vil.nai.com/vil/content/v_253210.htm

This exploit was used during stage I of Operation Aurora.

Analysis of the initial heavily-encrypted javascript exploit revealed that, if successful, the exploit would cause a connection to 'hxxp://demo[remove].jpg' downloading a malicious, XOR-encrypted binary that we detect as Roarur.dr.


----
rich

slajoh01

join:2005-04-23

where can we download this patch?



NICK ADSL UK
Premium,MVM
join:2004-02-22
kudos:14

It will be posted as and when it has been finalized and will be available at the Windows Update site.



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

reply to slajoh01
It's all in dp's post
»Advance Notification for Out-of-Band Bulletin Release


Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:4

reply to mysec
McAfee tool, Aurora Stinger, released yesterday, detects and repairs all known variants of Aurora.
»siblog.mcafee.com/cto/stay-tuned···e-patch/

Download here:
»vil.nai.com/vil/averttools.aspx
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

hayc59 got the jump on you, Mele20
»[App Update] McAfee Aurora Stinger 10.0.1.723


Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:4

This was not just an ORDINARY update of the program. Most of us never or seldom look at Vendors. I checked here in the main forum before I posted but it didn't even occur to me to look in Vendors as that is just for ordinary updates which I can get without looking there. I think hayc59 should have posted it in the main forum.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

Granted many of us don't look in »Security Product Vendors first.
Whether hayc59 should have posted here first was his call; imo it's where it belongs as an app update. We could quarrel until the cows come home on these sorts of issues.
The way I see it, if an issue arises with a program, a Mod ostensibly would move it here for discussion.



Grail Knight
Qui audet adipiscitur
Premium
join:2003-05-31
Valhalla
kudos:6
Reviews:
·Time Warner Cable

reply to Mele20

quote:
This was not just an ORDINARY update of the program. Most of us never or seldom look at Vendors.
How do you know what most people would do?
hayc59 posted his topic exactly where it belongs per the topic of the thread. (Bolding is mine)
quote:
Security Product Vendors
New products, new releases, revisions, upgrades
--
"Who is the more foolish? The fool or the fool who follows?


Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
kudos:13

said by Grail Knight:

hayc59 posted his topic exactly where it belongs per the topic of the thread. (Bolding is mine)
quote:
Security Product Vendors
New products, new releases, revisions, upgrades
Agreed. Easy to find too with all in one place

Cudni
--
"what we know we know the same, what we don't know, we don't know it differently."
Help yourself so God can help you.
Microsoft MVP, 2006 - 2009

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:4

said by Cudni:

said by Grail Knight:

hayc59 posted his topic exactly where it belongs per the topic of the thread. (Bolding is mine)
quote:
Security Product Vendors
New products, new releases, revisions, upgrades
Agreed. Easy to find too with all in one place

Cudni
This was the first time I had heard of this product! For me, it was NOT something that belonged in "revisions and upgrades" since it was a brand new product as far as I am concerned. I don't recall ever reading about this product in this forum. I almost never visit Security Vendors. A new product should be posted here. I don't need a forum to tell me that I should update security products that I have downloaded and use. I can do that just fine on my own. What I do need is a forum that presents new products to users and has a good discussion about them. This forum used to do that and it is not clear currently where a new product should be posted. This is a good example of what has been missing from this forum for some time now. Good discussions about new products! And good discussions when a product is revised to do something special like in this case.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

You have never heard of McAfee Labs Stinger?



Grail Knight
Qui audet adipiscitur
Premium
join:2003-05-31
Valhalla
kudos:6
Reviews:
·Time Warner Cable

1 edit

reply to Mele20
If you disagree with how the forum topics are set up I am sure you know how to post a new thread here.

»Forum Feature Requests

quote:
I don't need a forum to tell me that I should update security products that I have downloaded and use. I can do that just fine on my own.
That's nice. Now can we get back to the potential thousands of others that do check forums for updates because a smart user will look at updates and feedback (if posted) because more than a few members/users know updates and revisions can cause problems.

Edit*
--
"Who is the more foolish? The fool or the fool who follows?

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:4

reply to siljaline
No, I had not heard about it until I read an article about this IE vulnerability and the writer spoke about this Stinger and the release on the 20th for this IE vulnerability. The article was in Computer World maybe, Cnet, I don't recall exactly as I read several articles about the IE vulnerability. Of course, it is possible I heard about Stinger a long time ago and forgot. That happens more than I would like as I age.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson



Pentangle
With our thoughts we make the world.
Premium
join:2006-06-01
Vancouver BC
kudos:1

I check both forums daily--just seems like the sensible thing to do given the gravity of the subject.

