
Thread: New IE exploit

  1. #1
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts

    New IE exploit

    If you use Internet Explorer to access your bank or any other sensitive site then read this before you type in your password again!

    StuartR

  2. #2
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: New IE exploit

    A detailed discussion of this exploit can be found here: http://isc.sans.org/presentations/banking_malware.pdf

    A tool to view and, if needed, disable less-than-helpful Browser Helper Objects (BHOs) -- like the one used to steal your banking password -- can be found here: http://www.definitivesolutions.com/bhodemon.htm
    (I think this was recommended on the IE board in the past, but I didn't do a search to confirm that.)

  3. #3
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: New IE exploit

    Jefferson

    I note with interest that accessing the BHODemon webpage causes the (attempted) installation of a cookie for www.paypal.com on your machine!

    My usual recommendation for preventing browser hijacking is Browser Hijack Blaster by Javacool.

    "Running silently in the background, Browser Hijack Blaster only springs into action when an attempt is made. It watches and protects the following items: IE Homepage, IE Default Page, IE Search Page, BHOs. Whenever one of the above items is changed, or a BHO is added, you are immediately provided with information on the item, along with the option to keep the change, or revert to your previous settings."

    This goes rather further than just trapping the installation of Browser Helper Objects.

    Their other two useful products that I use are SpywareBlaster (why is all such software containing the word "blaster" misnamed? See above!) and SpywareGuard.

    John

    Ita, esto, quidcumque...

  4. #4
    Bronze Lounger
    Join Date
    Feb 2001
    Posts
    1,424
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: New IE exploit

    (Edited by skitterbug on 03-Jul-04 08:46. Corrected my spelling, yet again!)

    Hi John,

    Your link takes us to a page that explains about Browser HiJack Blaster but the link to the download comes up with a "NOT FOUND - The requested URL /HTMLobj-1456/bhblastersetup.exe was not found on this server." message. Maybe this site was overloaded and shut down. This page seems to have several available download sites that are currently working when I clicked on the download link. Maybe out of all the links provided, loungers will be able to find this piece of software if they want to use it.

    I very seldom use IE but have decided to see if I had any of these malicious changes applied to my registry. Thank you John, Jefferson and Stuart for alerting us and providing pertinent information.


    "Peace begins with a smile. "-- Mother Teresa

  5. #5
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: New IE exploit

    Skitterbug

    What a clever person you are! Your post has reminded me that I have forgotten, yet again, that Browser Hijack Blaster has been superseded by SpywareGuard, which of course I have recommended BEFORE!!

    I think I must be getting old(er)... It is brain-fade...

    John

    Ita, esto, quidcumque...

  6. #6
    Bronze Lounger
    Join Date
    Nov 2001
    Location
    Arlington, Virginia, USA
    Posts
    1,394
    Thanks
    0
    Thanked 3 Times in 3 Posts

    Re: New IE exploit

    MS has released a new Windows Update patch for this exploit, see link:

    What You Should Know About Download.Ject

  7. #7
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: New IE exploit

    Mark

    Pity Microsoft can't get their own diagnostic commands right!

    In the web page you reference, Action 2 point 3
    dir /a /s /b &systemdrive%surf.dat
    should be, of course,
    dir /a /s /b %systemdrive%surf.dat
    and very similarly for point 4...

    John

    Ita, esto, quidcumque...

  8. #8
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: New IE exploit

    > I note with interest that accessing the BHODemon webpage causes the (attempted) installation
    > of a cookie for www.paypal.com on your machine!

    Must be related to pulling the little graphic from their web site. Since I have IE set to block all third-party cookies, I don't pay much attention to such things.
