Full Disclosure mailing list archives
RE: RE: SUPER SPOOF DELUXE Re: Microsoft and Security
From: "Mark Laurence" <m.laurence () groveindependentschool co uk>
Date: Fri, 2 Jul 2004 09:49:29 +0100
I think the most likely scenario for the windows update thing would be that you would click on a link from a site you are surfing that advises you to install the latest updates by visiting windowsupdate. You follow the link, address bar looks good so you have no reason to expect a problem. The malicious link would have inserted a frame that looks like the scan for updates page, the user follows the scan for updates, installs what he thinks is a legit security update, which is in fact a piece of spyware or a trojan. User reboots and thinks nothing of it....in the meantime he has become a host for a load of p0rn or a gateway for hackers to use for anything they want. IMO anyway Mark
-----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of http-equiv () excite com Sent: 02 July 2004 03:52 To: full-disclosure () lists netsys com Subject: RE: RE: SUPER SPOOF DELUXE Re: [Full-disclosure] Microsoft and Security What an utterly pathetic scenario you present. Obviously you're blissfully unaware of the current security trend of site spoofing, 'phishing', url spoofing, DNS spoofing, zone spoofing and on and on and on. and of course now very the latest 'security expert spoofing' ! <!-- "Your subject makes it sound like this is a spoofing vulnerability" You have to look at the prerequisite attack scenario. You are surfing to some random site and out of nowhere it opens WellsFargo.com or WindowsUpdate. At this point you are thinking one of 2 things, either "What the.. I didn't go to WindowsUpdate/WellsFargo .. Let me just close that window .. Damn popups" or "Hey how nice, WindowsUpdate/WellsFargo magically appeared in front of me and I didn't even intend to go there .. I was just surfing for porn .. Let me hurridly download some stuff from there and give it my account details" --> -- http://www.malware.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.656 / Virus Database: 421 - Release Date: 09/04/2004
--- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.656 / Virus Database: 421 - Release Date: 09/04/2004 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: RE: SUPER SPOOF DELUXE Re: Microsoft and Security, (continued)
- RE: RE: SUPER SPOOF DELUXE Re: Microsoft and Security http-equiv () excite com (Jul 01)
- RE: SUPER SPOOF DELUXE Re: Microsoft and Security http-equiv () excite com (Jul 01)
- RE: SUPER SPOOF DELUXE Re: Microsoft and Security Thor Larholm (Jul 01)
- RE: SUPER SPOOF DELUXE Re: Microsoft and Security Pavel Kankovsky (Jul 01)
- RE: RE: SUPER SPOOF DELUXE Re: Microsoft and Security Thor Larholm (Jul 01)
- RE: SUPER SPOOF DELUXE Re: Microsoft and Security Thor Larholm (Jul 01)
- Re: SUPER SPOOF DELUXE Re: Microsoft and Security Bob Perriero (Jul 02)
- RE: RE: SUPER SPOOF DELUXE Re: Microsoft and Security http-equiv () excite com (Jul 01)
- Re: RE: SUPER SPOOF DELUXE Re: Microsoft and Security Gregory A. Gilliss (Jul 01)
- Re: RE: SUPER SPOOF DELUXE Re: Microsoft and Security John Sage (Jul 02)
- RE: RE: SUPER SPOOF DELUXE Re: Microsoft and Security Mark Laurence (Jul 02)
- Re: RE: SUPER SPOOF DELUXE Re: Microsoft and Security Gregory A. Gilliss (Jul 01)