Feb 15th: New year new bugs

Posted: 2004-01-28 01:41am
by Stormbringer

Posted: 2004-02-16 03:02pm
by Thunderfire
A new IE exploit based on the leaked windows code has been found.

Posted: 2004-03-05 02:17am
by kojikun
Thank Ein for this gem:

spyware remover: http://www.spywareinfo.com/downloads/to ... ckThis.exe

Posted: 2004-03-06 04:24pm
by Daltonator

Posted: 2004-03-06 09:06pm
by phongn
Please keep this thread clear of clutter. Post alerts (and if available, solutions) only.

Posted: 2004-04-04 10:58am
by Xon
Looks like there is a new exploit based on that accursed Windows Compiled HTML Help out again.

It uses JavaScript to execute, so just loading the page is enough to get infected.

Ran into this one in the wild; it infected some people who did have the latest Windows updates. However, it is fairly simple to remove.

Simply look and see if the process 'nosc32.exe' is running; if so, kill it. If that doesn't work, reboot into safe mode and kill it. (Task Manager -> Processes -> select 'nosc32.exe' -> click 'End Process'.) It hooks into HKLM\Software\Microsoft\Windows\CurrentVersion\Run to get autostarted at boot, and might do HKCU as well.

To completely remove it, delete the following file after killing the process:
"c:\windows\system32\nosc32.exe" (or wherever your system32 directory is).

Clear your internet temp files to get rid of the rest of the junk which it used to infect your system.

The files involved: nosc32.exe, loi.exe, LOI.CHM, f-tri.html (orig. page), loi.html, 7449-Booger.swf (the bait)

The virus spams IRC channels with a link to watch a flash movie; the page then loads the worm while the flash movie is playing, and the worm starts spamming IRC channels.

:edit:
And it's finally been noticed:

Vulnerability in Internet Explorer ITS Protocol Handler
Currently, there is no complete solution for this vulnerability. Until a patch is available, consider the workarounds listed below.

Disable ITS protocol handlers
Disabling ITS protocol handlers appears to prevent exploitation of this vulnerability. Delete or rename the following registry keys:

Code:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\{ms-its,ms-itss,its,mk}
Disabling these protocol handlers will significantly reduce the functionality of the Windows Help system and may have other unintended consequences. Plan to undo these changes after patches have been tested and installed.

Follow good Internet security practices
These recommended security practices will help to reduce exposure to attacks and mitigate the impact of cross-domain vulnerabilities.
  • Disable Active scripting and ActiveX controls

    NOTE: Disabling Active scripting and ActiveX controls will not prevent the exploitation of this vulnerability.

    Disabling Active scripting and ActiveX controls in the Internet and Local Machine Zones may stop certain types of attacks and will prevent exploitation of different cross-domain vulnerabilities. Disable Active scripting and ActiveX controls in any zones used to read HTML email.

    Disabling Active scripting and ActiveX controls in the Local Machine Zone will prevent malicious code that requires Active scripting and ActiveX controls from running. Changing these settings may reduce the functionality of scripts, applets, Windows components, or other applications. See Microsoft Knowledge Base Article 833633 for detailed information about security settings for the Local Machine Zone. Note that Service Pack 2 for Windows XP includes these changes.
  • Do not follow unsolicited links
    Do not click on unsolicited URLs received in email, instant messages, web forums, or Internet relay chat (IRC) channels.
  • Maintain updated anti-virus software
    Anti-virus software with updated virus definitions may identify and prevent some exploit attempts. Variations of exploits or attack vectors may not be detected. Do not rely solely on anti-virus software to defend against this vulnerability. More information about viruses and anti-virus vendors is available on the US-CERT Computer Virus Resources page.
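As an added example (not from Xon's post or the CERT note), the following PowerShell audit checks a host for the indicators listed above and reports whether the ITS-handler workaround is in place. The process, file and registry names come from the post; the script logic is an assumption of mine and needs a modern PowerShell with -WhatIf support, run as administrator.

```powershell
# Added example, not from the thread: audit for the nosc32.exe indicators and
# the CERT ITS-handler workaround. Names come from the post; logic is assumed.
[CmdletBinding(SupportsShouldProcess)]
param()

$ProcessName  = 'nosc32'
$DropperFiles = @('nosc32.exe', 'loi.exe', 'LOI.CHM', 'loi.html', 'f-tri.html', '7449-Booger.swf')
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$ItsHandlers = @('ms-its', 'ms-itss', 'its', 'mk')

# 1. Is the process running? Stop it only when -WhatIf is not given.
$proc = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
if ($proc) {
    Write-Warning "Process $ProcessName.exe is running (PID $($proc.Id))"
    if ($PSCmdlet.ShouldProcess("$ProcessName.exe", 'Stop-Process')) {
        $proc | Stop-Process -Force
    }
}

# 2. Autostart entries in the HKLM/HKCU Run keys that point at the dropper.
foreach ($key in $RunKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Value -is [string] -and $p.Value -match 'nosc32\.exe') {
            Write-Warning "Run entry '$($p.Name)' in $key -> $($p.Value)"
            if ($PSCmdlet.ShouldProcess("$key\$($p.Name)", 'Remove-ItemProperty')) {
                Remove-ItemProperty -Path $key -Name $p.Name
            }
        }
    }
}

# 3. Dropped files in system32 (the rest normally live in the IE cache).
$system32 = Join-Path $env:SystemRoot 'system32'
foreach ($f in $DropperFiles) {
    $path = Join-Path $system32 $f
    if (Test-Path $path) { Write-Warning "Found $path" }
}

# 4. Workaround status: an ITS handler key still present means it is not applied.
foreach ($h in $ItsHandlers) {
    $k = "HKLM:\SOFTWARE\Classes\PROTOCOLS\Handler\$h"
    $state = if (Test-Path $k) { 'present (workaround not applied)' } else { 'absent' }
    Write-Output "ITS handler '$h': $state"
}
```

Run it with -WhatIf first to see what it would stop or remove without changing anything.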

Posted: 2004-05-01 11:40pm
by phongn
New worm alert 1 May 2004:

Anyone who has not applied the patch as listed in MS Security Bulletin MS04-011 should do so ASAP -- just hit Windows Update.

Details on the Sasser worm may be found here at SANS

Posted: 2004-05-11 01:56pm
by Faram
New critical update @windowsupdate

This time it's an update of an old patch

Info at Microsoft

No reboot to apply this one for once :)

Posted: 2004-06-04 12:23pm
by Admiral Valdemar
There's a new worm out called "Korgo". This strain is like Sasser and exploits a backdoor to your system, but installs a key logger app and is used primarily to get sensitive data like bank account numbers and details.

Posted: 2004-06-09 01:28pm
by Crayz9000
Another VERY BAD Internet Explorer hole has been discovered -- actually, two. Only one of them is fixed by WinXP Service Pack 2.

The only known solution right now is to disable Active Scripting for all but the websites that you trust.

The Secunia advisory can be read if you want more information.

Posted: 2004-06-27 03:50pm
by Crayz9000
CERT is now recommending that IE users switch to non-affected browsers like Opera or Mozilla because of the js.scob.trojan virus that's now spreading across the Internet. I'm pretty sure this is related to the above hole.
CERT recommends that Explorer users consider other browsers that are not affected by the attack, such as Mozilla, Mozilla Firefox, Netscape and Opera. Mac, Linux and other non-Windows operating systems are immune from this attack. For people who continue to use the Internet Explorer, CERT and Microsoft recommend setting the browser's security settings to "high," but that can impair some browsing functions.

Posted: 2004-06-30 04:00am
by Faram
There is a new BHO (Browser Helper Object) that steals the passwords used in an SSL connection from Internet Explorer.

This stuff is bad and a full analysis of the attack can be found here:

Long URL to a PDF

To be safe, don't use IE when doing transactions, get some other browser and use that one.

Posted: 2004-07-02 09:44am
by Faram
Crayz9000 wrote: Another VERY BAD Internet Explorer hole has been discovered -- actually, two. Only one of them is fixed by WinXP Service Pack 2.

The only known solution right now is to disable Active Scripting for all but the websites that you trust.

The Secunia advisory can be read if you want more information.
The fix is just in:

Frigging long link @ MS

The documentation:

http://support.microsoft.com/?kbid=870669

This update ain't in Windowsupdate yet but I think it will be there really soon.

--***--- EDIT ---***---

The fix is available at www.windowsupdate.com; I suggest that you all go there and get it.

Posted: 2004-07-27 05:57am
by Faram
A shitload of updates appeared from MS on 20040713, but I haven't checked for updates due to vacation.

Anyways those you need can be found at windowsupdate or D/L the stuff from here:

Microsoft.com

This is the July update info

Posted: 2004-08-02 09:57am
by Faram
The latest update for MSIE is in.

Linky

If you use MSIE update ASAP it fixes some nasty stuff.

Posted: 2004-08-20 02:19pm
by Crayz9000
El Reg reports that a yet-unnamed worm similar to Download.Ject is spreading via AIM and ICQ, with the message apparently being "My personal home page http://XXXXXXX.X-XXXXXX.XXX/" The page it links to is filled with exploits and malware goodness.

This is only a concern if your default browser is Internet Explorer, and then again, you shouldn't really be dumb enough to open links from complete strangers in IM anyway.

Posted: 2004-08-20 02:31pm
by Einhander Sn0m4n
Crayz9000 wrote: El Reg reports that a yet-unnamed worm similar to Download.Ject is spreading via AIM and ICQ, with the message apparently being "My personal home page http://XXXXXXX.X-XXXXXX.XXX/" The page it links to is filled with exploits and malware goodness.

This is only a concern if your default browser is Internet Explorer, and then again, you shouldn't really be dumb enough to open links from complete strangers in IM anyway.
Sounds like yet another variant of CWS to me. And I thought lop.com and xupiter were bad?! Ha!

Posted: 2004-08-22 08:29am
by Jade Falcon
I've set ICQ and AIM so that I only receive messages from people I know anyway. Believe me, I learned through ICQ that if you don't, you'd never have time in the day to do anything other than dismiss spam messages.

Posted: 2004-08-27 01:15am
by Crayz9000
Guys, this really should be in another thread. This thread is for notices related to new Windows/MSIE bugs that are out.

Posted: 2004-09-14 05:09pm
by Faram
A new critical bug.

Full info here:

Microsoft.com

Executive Summary:
This update resolves a newly-discovered, privately reported vulnerability. A buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system. The vulnerability is documented in this bulletin in its own section.

If a user is logged on with administrator privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.

Microsoft recommends that customers apply the update immediately.

Posted: 2004-09-16 08:53am
by phongn
Said bug does not apply to XP SP2, BTW

Posted: 2004-09-16 11:48am
by Faram
phongn wrote: Said bug does not apply to XP SP2, BTW
True but it affects a shitload of other applications:

Get some fixes from:

http://www.windowsupdate.com

http://www.officeupdate.com
Affected Software:
  • Microsoft Windows XP and Microsoft Windows XP Service Pack 1 – Download the update
  • Microsoft Windows XP 64-Bit Edition Service Pack 1 – Download the update
  • Microsoft Windows XP 64-Bit Edition Version 2003 – Download the update
  • Microsoft Windows Server™ 2003 – Download the update
  • Microsoft Windows Server 2003 64-Bit Edition – Download the update
  • Microsoft Office XP Service Pack 3 – Download the update
  • Microsoft Office XP Service Pack 2 – Download the administrative update
    Microsoft Office XP Software: Outlook® 2002, Word 2002, Excel 2002, PowerPoint® 2002, FrontPage® 2002, Publisher 2002
  • Microsoft Office 2003 – Download the update
    Microsoft Office 2003 Software: Outlook® 2003, Word 2003, Excel 2003, PowerPoint® 2003, FrontPage® 2003, Publisher 2003, InfoPath™ 2003, OneNote™ 2003
  • Microsoft Project 2002 Service Pack 1 (all versions) – Download the update
  • Microsoft Project 2003 (all versions) – Download the update
  • Microsoft Visio 2002 Service Pack 2 (all versions) – Download the update
  • Microsoft Visio 2003 (all versions) – Download the update
  • Microsoft Visual Studio .NET 2002 – Download the update
    Microsoft Visual Studio .NET 2002 Software: Visual Basic .NET Standard 2002, Visual C# .NET Standard 2002, Visual C++ .NET Standard 2002
  • Microsoft Visual Studio .NET 2003 – Download the update
    Microsoft Visual Studio .NET 2003 Software: Visual Basic .NET Standard 2003, Visual C# .NET Standard 2003, Visual C++ .NET Standard 2003, Visual J# .NET Standard 2003
  • The Microsoft .NET Framework version 1.0 SDK Service Pack 2 – Download the update
  • Microsoft Picture It!® 2002 (all versions) – Download the update
  • Microsoft Greetings 2002 – Download the update
  • Microsoft Picture It! version 7.0 (all versions) – Download the update
  • Microsoft Digital Image Pro version 7.0 – Download the update
  • Microsoft Picture It! version 9 (all versions, including Picture It! Library) – Download the update
  • Microsoft Digital Image Pro version 9 – Download the update
  • Microsoft Digital Image Suite version 9 – Download the update
  • Microsoft Producer for Microsoft Office PowerPoint (all versions) – Download the update
  • Microsoft Platform SDK Redistributable: GDI+ – Download the update

Posted: 2004-10-12 06:46pm
by Rogue 9
Slashdot
New IM Worm On The Loose

Posted by CmdrTaco on Monday October 11, @07:28PM
from the head-for-the-hills dept.
elfarto writes "Techweb is reporting that a new worm that spreads via Microsoft's instant messaging client began badgering users Monday, several security firms said. Dubbed Funner, the worm propagates by sending itself to all the contacts listed in the user's copy of MSN Messenger, Microsoft's IM client. There is an analysis on Symantec Security Response Site; apparently the worm tries to download stuff from www.78p.com and adds entries to the hosts file pointing to more than 400 Chinese porn sites. The worm also sends itself to the whole contact list as funny.exe so it requires the user interaction to actually execute it."

Posted: 2004-10-13 03:47am
by Faram
Patchtime is here again!

7 new critical updates! And 3 important.

Don't have the time to get into details here, read the page. Run windowsupdate and patch.

That makes 10 in October! Yay, overtime here I come!

Posted: 2004-10-20 01:45pm
by Crayz9000
OK, we have updates for every browser out there today.

First off, there are two CRITICAL vulnerabilities in Internet Explorer.
Description:
http-equiv has discovered two vulnerabilities in Internet Explorer, which can be exploited by malicious people to compromise a user's system, link to local resources, and bypass a security feature in Microsoft Windows XP SP2.

Solution:
Disable Active Scripting or use another product.
Then, there's a less critical Mozilla/Firefox/Camino bug that has to do with the tabbed browsing setup. It's been an annoyance for a while now since Mozilla doesn't control where your keyboard focus is.

Opera also suffers from a similar vulnerability
And so does Safari
And Netscape 6.x-7.x
And Konqueror (all versions with tabbed browsing)
And Maxthon, aka MyIE2
And Avant 9.x and 10.x

Description:
Secunia Research has discovered two vulnerabilities in Mozilla, Mozilla Firefox, and Camino, which can be exploited by malicious web sites to obtain sensitive information and spoof dialog boxes.

The vulnerability has been confirmed in the following versions:
* Mozilla 1.7.2 and 1.7.3
* Mozilla Firefox 0.10.1

Other versions may also be vulnerable.

Solution:
Don't visit trusted web sites while visiting untrusted web sites or disable JavaScript.