Full Disclosure mailing list archives
RE: Spyware installs with no interaction in IE on fully patched XP SP2 box
From: "Todd Towles" <toddtowles () brookshires com>
Date: Mon, 4 Oct 2004 09:47:44 -0500
Aren't their still cross-scripting problems with IE still? Plus I think the Drag and Drop exploit is still unpatched? Comments anyone?
-----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Harlan Carvey Sent: Sunday, October 03, 2004 2:37 PM To: full-disclosure () lists netsys com Cc: Joel R. Helgeson; Geraldo Rivera Subject: Re: [Full-disclosure] Spyware installs with no interaction in IE on fully patched XP SP2 boxThis machine is a fully patched XP SP2 box, withthe default securitysettings for IE's Internet Zone. Does anybody knowwhat method this crapcould be using to install without any userinteraction?It's a little hard to tell accurately without taking a look at what you removed; ie, saying that you cleaned things out of the Registry is great, but without knowing what keys you "cleaned", it's hard to tell. However, doing a quick search on Google for "atpartners", some of the info I found points to BHOs... Sorry, wish I could help more, but I'd need more info... ===== ------------------------------------------ Harlan Carvey, CISSP "Windows Forensics and Incident Recovery" http://www.windows-ir.com http://groups.yahoo.com/group/windowsir/ "Meddle not in the affairs of dragons, for you are crunchy, and good with ketchup." "The simplicity of this game amuses me. Bring me your finest meats and cheeses." ------------------------------------------ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Spyware installs with no interaction in IE on fully patched XP SP2 box Geraldo Rivera (Oct 03)
- Re: Spyware installs with no interaction in IE on fully patched XP SP2 box Joel R. Helgeson (Oct 03)
- Re: Spyware installs with no interaction in IE on fully patched XP SP2 box Harlan Carvey (Oct 03)
- Re: Spyware installs with no interaction in IE on fully patched XP SP2 box GuidoZ (Oct 03)
- <Possible follow-ups>
- Re: Spyware installs with no interaction in IE on fully patched XP SP2 box Geraldo Rivera (Oct 04)
- Re: Spyware installs with no interaction in IE on fully patched XP SP2 box Matt Andreko (Oct 04)
- Re: Spyware installs with no interaction in IE on fully patched XP SP2 box Mark Shirley (Oct 04)
- Re: Spyware installs with no interaction in IE on fully patched XP SP2 box Matt Andreko (Oct 04)
- RE: Spyware installs with no interaction in IE on fully patched XP SP2 box Carr, Robert (Oct 04)
- RE: Spyware installs with no interaction in IE on fully patched XP SP2 box Michael Simpson (Oct 04)
- Re: Spyware installs with no interaction in IE on fully patched XP SP2 box Alla Bezroutchko (Oct 05)
- RE: Spyware installs with no interaction in IE on fully patched XP SP2 box Todd Towles (Oct 04)
- RE: Spyware installs with no interaction in IE on fully patched XP SP2 box Todd Towles (Oct 04)
- Re: Spyware installs with no interaction in IE on fully patched XP SP2 box Willem Koenings (Oct 04)
- RE: Re: Spyware installs with no interaction in IE on fully patched XP SP2 box Todd Towles (Oct 04)
- RE: Spyware installs with no interaction in IE on fully patched XP SP2 box Gossi The Dog (Oct 04)
- RE: Spyware installs with no interaction in IE on fully patched XP SP2 box Castigliola, Angelo (Oct 05)
- Re: Spyware installs with no interaction in IE on fully patched XP SP2 box Joel R. Helgeson (Oct 03)