Jump to content

Trojan horse rides on unpatched IE flaw


Recommended Posts

Trojan horse rides on unpatched IE flaw

Attackers are taking advantage of an unpatched vulnerability in Internet Explorer to target users of the ubiquitous Web browser, Microsoft warned late Tuesday.

Malicious software that exploits the security flaw to download a Trojan horse to vulnerable computers has been found on the Internet, according to Microsoft. Detection and removal capabilities for the "TrojanDownloader:Win32/Delf.DH" have been added to Microsoft's recently launched online security-scanning tool.

"Customers can visit Windows Live Safety Center and are encouraged to use the Complete Scan option to check for and remove this malicious software and future variants," Microsoft said in its updated security advisory on the issue.


The security bug, exploited by the Trojan downloader, was originally reported in May. The bug was thought to only allow for a denial-of-service attack, which would cause IE to close. However, experts last week raised an alarm on the issue because it was discovered that it could be used to remotely run code on a vulnerable computer.

Microsoft has yet to provide a fix for the vulnerability, but is working on a patch, according to the security advisory. Security-monitoring company Secunia deems the problem "extremely critical," its rarely given highest rating.

The vulnerability puts computers running Windows 98, Windows Millennium Edition, Windows 2000 and Windows XP at risk. An attacker could gain complete control of vulnerable systems by hosting malicious code on a Web site. Once an IE user visits the site, the malicious program would run without any user interaction.

Microsoft offers several workarounds to deflect attacks. These include changing IE settings to disable active scripting or prompt the user before running such scripts.

[edit] I made this a sticky because this looks like a serious exploit (extremely critical).

Three critical flaws found in Java

29 November 2005

Sun's Java Runtime Environment (JRE) contains serious security flaws that could allow remote attackers to execute applications on a system, the company has warned.

The bugs, patched in a new release yesterday, affect Windows, Unix and Linux platforms. The Java Software Development Kit (SDK) is also affected.

Sun outlined three separate vulnerabilities, each of which could independently allow a specially crafted Java applet, for example embedded in a Web page, to escalate its privileges. That could allow the applet to read and write local files and execute applications accessible to the user running the applet, with the user's privileges.

Ordinarily, Java applets are restricted from reading and writing files and executing applications by the Java "sandbox".

The JRE is the code used to execute Java applets on a local system, and is one of the most widely distributed client-side software products. Versions of the JRE are also found in unconventional systems such as mobile phones.

Secunia and FrSIRT, which maintain vulnerabilities databases, gave the vulnerabilities serious ratings - "highly critical" and "critical" respectively.

                          Sun(sm) Alert Notification


Link to comment
Share on other sites

another good reason to download FierFox

seeing how ie is a huge part of the os and ff is just a cobbled together browser, [glow=red,2,300]by the way, can the oh so touted new version at least display glow text properly?[/glow], i see no reason to castrate my ability to see web content correctly. i'm sticking with ie.

Link to comment
Share on other sites

seeing how ie is a huge part of the os and ff is just a cobbled together browser, [glow=red,2,300]by the way, can the oh so touted new version at least display glow text properly?[/glow], i see no reason to castrate my ability to see web content correctly. i'm sticking with ie.

Nope, but that's actually a problem of IE not displayed thing properly so webmasters have to do some strange stuff to make it work properly in IE, while breaking the other browsers, which follow the formal rules on webdesign.

Link to comment
Share on other sites

. . . Spython found this on my computer after I did a 2MB update.


Category: Keystroke Logger

RedHand is a hidden keystroke recorder that records all keyboard key strokes and other computing activity into a log file, so that you (or someone else) can view and use this data later. Also allows total remote control by hackers and malicious users. Contains functionality to block certain programs from running. Also has the ability to lockdown, log on or off users, even shutdown the PC completely.

This spyware application exhibits the following characteristics:

Logs Internet browsing habits

Tracks your web browsing and shopping habits, sending this information to a centralized server for analysis. This information is normally used to provide targeted advertising.

Logs keystrokes

Tracks all the keys pressed on the keyboard, saving this information to a text file or sending the information to an e-mail recipient. Keystroke loggers are very dangerous because they can log passwords, account numbers, credit card numbers, and all other personal information entered on your computer, including email correspondence.

Remains memory resident

Remains memory resident in an attempt to detect and deter removal. Such behavior makes applications difficult to remove without anti-spy software such as Spython.


Typically hides associated files from the computer process manager, creates no visible icons in the system tray or taskbar, and provides no method for uninstall.

. . .this is the second keylogger I've found on my computer this year.

Link to comment
Share on other sites

seeing how ie is a huge part of the os and ff is just a cobbled together browser, [glow=red,2,300]by the way, can the oh so touted new version at least display glow text properly?[/glow], i see no reason to castrate my ability to see web content correctly. i'm sticking with ie.

resop...i actually do see ur glow thingy just fine...it's ur green and blue thing at the bottom the doesn't look right because they are too close to the same hue to contrast one or the other... :D ...it's all about choices and we don't want to castrate u either :) ...i choose both btw

Link to comment
Share on other sites

R-D that red handed sounds dangerous. How can a person go about detecting whether or not such code is in your computer with out buying a detection program to deal with the same??? :oops::shock::?:?:

Fred, because Redhand is sold commercially, most anti-virus and anti-spyware programs may not detect it.

The latest permutations include the use of routines to mail out user activity via e-mail and/or posting information to the web where the spy can view it at their leisure. Also many spyware vendors are useing "stealth routines" and "polymorphic" (meaning to change) techniques to avoid detection and removal by popular anti-spy software. In some cases Spyware vendors have went as far as to counter-attack anti-spy programs by attempting to break their use. In addition they may use routines to re-install the spyware application after it has been detected.

Ironically you can monitor for spy software by installing spy software on your system first! Since spy software can record all keystrokes it can monitor and record the installation of another spy software. Again this turns into a virtual arms race, but keep in mind that many spy programs are vulnerable to anti-spy attacks. There's only a couple of thousand Spy programs out to get you.  :shock:

Here's a list of free programs you can try, but I'm seriously not sure how well they can detect some of the stealth rountines some these spyware/key-loggers use to avoid detection.

Spybot - Search & Destroy - free - spyware killer/remover

- (trys to) catches what Ad-aware misses


Ad-aware - free - spyware killer/remover

- (trys to) catches what spybot misses


SpywareBlaster - doesn't scan for and clean spyware

- it (trys to) prevents it from being installed in the first place.


HijackThis - scans for pesky malware, spyware and adware

  that manage to avoid being detected by other scanners

  it is very detailed about what is installed and running

  with loads of tools and log analyzer.

  Read everything on this one before using.


You may want to check out Spyware Doctor, it will do a free scan,

but it won't fix any problems, 'till you purchase it ~


. . .a few things you might want to keep in mind before you click on something ~ try to avoid "drive-by downloads". Drive-by downloads are accomplished by providing a misleading dialogue box and/or other methods of stealth installation (like hitting the [X] to exit a pop-up). Many times users have no idea they have installed the application. Often Adware/Spyware makers make their applications very difficult to uninstall.

A "EULA" or End User License Agreement is the agreement you accept when you click "OK" or "Continue" when you are installing software. Many users never bother to read the EULA.

It is imperative to actually read this agreement before you install any software. No matter how tedious the EULA, you should be able to find out the intent BEFORE you install the software. If you have questions about the EULA- e-mail the company and ask them for clarification.

. . .Happy Hunting.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...