[32469] in bugtraq
Re: idsearch.com and googleMS.DLL
daemon@ATHENA.MIT.EDU (Gary Flynn)
Tue Nov 18 12:17:33 2003
Message-ID: <3FBA1B0E.2020003@jmu.edu>
Date: Tue, 18 Nov 2003 08:13:50 -0500
From: Gary Flynn <flynngn@jmu.edu>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
In-Reply-To: <008401c3abd9$5fed5c70$3200000a@alex>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Jelmer wrote:
> thats this issue :
>
> http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-09/0654.html
>
> Unfortunatly I imagine it's being used pretty heavily to install malware
> since I had some run ins with
> it myself just browsing some sites
For the past several weeks, I've seen several new web sites a
day attempting to exploit either the HTA or ADODB vulnerability to
execute code on visiting clients. Some are just messing with IE
favorites. Others are scraping email addresses and downloading
executables. Some of those executables are known malware, usually
remote control trojans, that are detected by AV software. Some are
not detected. I'd imagine that Carnegie Mellon's CERT, DShield, and
other central monitoring organizations would have more enlightening
statistics on the size of this problem.
--
Gary Flynn
Security Engineer - Technical Services
James Madison University
