Full Disclosure mailing list archives

Re: 3 new MS patches next week... but none fix 0x01!


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sun, 11 Jan 2004 12:55:55 +1300

"Exibar" <exibar () thelair com> wrote:

What's going on over at Microsoft anyway?  They're releasing 3 new patches
next week, but are planned to take care of the "0x01" vulnerability in IE.

                    ^
                    |
As it is now clear that you meant to include the word "none" in 
there...

   I'm one of Microsoft's defenders, and I'm starting to get a little
confused and upset at what they're doing.

  Heck if 3rd parties can write a fix for the darned thing, why the heck
can't Microsoft????  What are they thinking over there?

 Oh, I guess they are waiting for a large client to get scammed by a scam
e-mail and then wait for that client to complain.  Money really does talk, I
guess... it's a shame.

OK -- is HSBC bank a large enough client of Microsoft's??

A few days ago (7 Jan) there was a huge spam run phishing for HSBC 
customer details.  That spam used a version of the URL spoofing trick 
based on a long string of percent-zero-one URL-encoded chars (you have 
to be careful with writing that literally now as several spam filters 
and some virus scanners' heuristics specifically look for those 
strings, literal 0x00, 0x01 and similar characters and various other 
forms of encoding of them that are valid in HTML, etc...).  Anyway, 
back to the HSBC spam -- I've seen a report of a single filter 
intercepting close to 150,000 of those messages and several other 
informal reports of "large numbers" of other spam employing these URL 
obscuring tricks (though the HSBC one is the only one using it I've 
noticed arriving in my personal email).


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
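A filter-side check for the encoded 0x00/0x01 userinfo trick described in the post, written as an added example (it is not code from the post, from HSBC, or from any spam filter mentioned there). It goes a little beyond the single %01 form the post describes by also undoing nested percent-encoding and HTML numeric character references, which the post says filters now look for as well; the sample message lines, the `.test` hostnames and the 203.0.113.5 address are constructed.

```python
import re
from urllib.parse import unquote

# Control characters the post names; unpatched IE cut the displayed address
# off at these, hiding the real host that follows the '@'.
SUSPICIOUS_CONTROLS = {"\x00", "\x01"}
_NUMERIC_ENTITY = re.compile(r"&#([xX][0-9a-fA-F]+|[0-9]+);")

def _decode_numeric_entities(s: str) -> str:
    # Decoded by hand: html.unescape() silently drops C0 control code points
    # such as &#1;, which would hide exactly the character we look for.
    def repl(m):
        ref = m.group(1)
        num = int(ref[1:], 16) if ref[0] in "xX" else int(ref)
        return chr(num) if num <= 0x10FFFF else m.group(0)
    return _NUMERIC_ENTITY.sub(repl, s)

def normalize_url(url: str) -> str:
    # Peel HTML numeric entities and percent-encoding (possibly nested)
    # until the text stops changing; a bounded loop keeps this cheap.
    prev, cur = None, url
    for _ in range(5):
        if cur == prev:
            break
        prev, cur = cur, unquote(_decode_numeric_entities(cur))
    return cur

def is_spoofed_url(url: str) -> bool:
    # Flag when the authority has userinfo (text before '@') that contains a
    # 0x00/0x01 control character once all encodings are undone.
    m = re.match(r"^[A-Za-z][A-Za-z0-9+.-]*://([^/?#]*)", normalize_url(url))
    if not m or "@" not in m.group(1):
        return False
    userinfo = m.group(1).rsplit("@", 1)[0]
    return any(ch in SUSPICIOUS_CONTROLS for ch in userinfo)

def scan_message(lines):
    # Return (line_no, url) for each flagged URL in a message body.
    url_re = re.compile(r"https?://\S+")
    return [(n, u) for n, line in enumerate(lines, 1)
            for u in url_re.findall(line) if is_spoofed_url(u)]

# Constructed sample lines; not taken from the HSBC run discussed in the post.
SAMPLE = [
    "Verify your account at http://www.example-bank.test/login",
    "Click: http://www.example-bank.test%01%01%01@203.0.113.5/verify",
    "Or: http://www.example-bank.test&#1;&#x01;@203.0.113.5/verify",
    "Legitimate userinfo: http://user:pw@intranet.example.test/",
]
```

Ordinary URLs with userinfo (last sample line) are left alone; only userinfo carrying the control characters is flagged, so the check can sit in a mail filter without blocking every credential-bearing link.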