Bugtraq mailing list archives
RE: new internet explorer exploit (was new worm)
From: "Drew Copley" <dcopley () eeye com>
Date: Mon, 29 Mar 2004 11:44:12 -0800
-----Original Message----- From: Jelmer [mailto:jkuperus () planet nl] Sent: Monday, March 29, 2004 6:36 AM To: full-disclosure () lists netsys com; bugtraq () securityfocus com Subject: new internet explorer exploit (was new worm) The code used by this worm to exploit it's users at least partly is (i think) new , the vulnerability it abused has afaik not been published on eighter bugtraq or full-disclosure. possibly making it (one of?) the first worm to totally catch people offguard.
Yeah. It is a zero day worm, and it is very notable as such. I can not recall a previous zero day worm. (AV is not my job, but I do try and follow zero day.) Hence, IE has birthed us the first zero day worm. We should be thankful it was not coded better, because it could have caused some really serious problems. A hundred thousand systems is really a low target when you consider 94% of all browsers being used are IE and the internet population is around the 400 million figure. A zero day worm in IE: post on Feb 19, 2004 http://www.securityfocus.com/archive/1/354447 Thor's post which archives various vendor's papers on it (Feb 25 2003): http://www.securityfocus.com/archive/1/355149/2004-02-24/2004-03-01/0 Someone in Russia is making some nice cash. As usual. Or, something even nastier is going down. (Nastier then the Red Mafiya??) Hopefully, someone with a badge somewhere is investigating this. But, looking up "bizex investigation" in google news turns up zero hits. Maybe because "we" (all of the nations of the world) forgot to create some kind of online police force. Doh. Just like the Wild West. The only law is Pinkerton. How sad. Echo... Echo...
Current thread:
- new internet explorer exploit (was new worm) Jelmer (Mar 29)
- Addressing Cisco Security Issues Geo. (Mar 29)
- Re: Addressing Cisco Security Issues Jason Dodson (Mar 29)
- Re: Addressing Cisco Security Issues Clayton Kossmeyer (Mar 30)
- Re: new internet explorer exploit (was new worm) Void (Mar 29)
- Re: new internet explorer exploit (was new worm) Jelmer (Mar 30)
- Re: new internet explorer exploit (was new worm) Nick FitzGerald (Mar 30)
- <Possible follow-ups>
- RE: new internet explorer exploit (was new worm) Drew Copley (Mar 29)
- Re: new internet explorer exploit (was new worm) Berend-Jan Wever (Mar 30)
- RE: new internet explorer exploit (was new worm) Thor Larholm (Mar 30)
- Addressing Cisco Security Issues Geo. (Mar 29)