2004-04-12, 20:06
#1
Skrivet för ett engelskt forum:
Subject: Securing IE?
Note: How to stop the current *.CHM exploits
Text:
Many of probably know how many epxloits it's circuling for IE right now. And since neither MS or Symantec seem to do anything about them I assume I have to find a solution elsewhere. Personally I am using mozilla firebird, but I still want to secure my IE since I am responsible for several desktop computers where the users simply do run IE.
My idea:
Wouldn't it be possible to make a very thin "Net nanny*" client that instead of looking out for bad words check for malicious code. The code is easy to check for. But I am not sure how to make this client.
*: For those of you who don't know net nanny is a anti-porn software. Designed to stop the user from accessing pornagraphy and bad language.
Question:
Or is it possble to block CHM files out of IE. Because the newest exploit takes use of the very-known bug by tricking IE into downloading the CHM file and run it. And the CHM file, once on the desktop has permissions to write to files due to another IE exploit. Great itsn't it?
I have no intention to put the malicious code on here because I don't want to spread it further, even though it is widely known already. It's the same technique as porn dial-ups use. But by using a x-scriptlet (<object>) it's possible to d/l and execute any CHM file. Therefor, by making a client that looked out for the end-user code, specially CHM (I don't use them otherwise).
Porn-dialers may sound rather inocent (so to speak), but it take about five minutes to take that porndialer and make it d/l say.. pwdump and windump and FTP the password HASHES and computers IP, Name, Installed programs and other very sensitive information. Or install a backdoor, or.. you get the picture.
Subject: Securing IE?
Note: How to stop the current *.CHM exploits
Text:
Many of probably know how many epxloits it's circuling for IE right now. And since neither MS or Symantec seem to do anything about them I assume I have to find a solution elsewhere. Personally I am using mozilla firebird, but I still want to secure my IE since I am responsible for several desktop computers where the users simply do run IE.
My idea:
Wouldn't it be possible to make a very thin "Net nanny*" client that instead of looking out for bad words check for malicious code. The code is easy to check for. But I am not sure how to make this client.
*: For those of you who don't know net nanny is a anti-porn software. Designed to stop the user from accessing pornagraphy and bad language.
Question:
Or is it possble to block CHM files out of IE. Because the newest exploit takes use of the very-known bug by tricking IE into downloading the CHM file and run it. And the CHM file, once on the desktop has permissions to write to files due to another IE exploit. Great itsn't it?
I have no intention to put the malicious code on here because I don't want to spread it further, even though it is widely known already. It's the same technique as porn dial-ups use. But by using a x-scriptlet (<object>) it's possible to d/l and execute any CHM file. Therefor, by making a client that looked out for the end-user code, specially CHM (I don't use them otherwise).
Porn-dialers may sound rather inocent (so to speak), but it take about five minutes to take that porndialer and make it d/l say.. pwdump and windump and FTP the password HASHES and computers IP, Name, Installed programs and other very sensitive information. Or install a backdoor, or.. you get the picture.
hela windwos är en bakdörr. 
