Security Incidents mailing list archives
Re: AIM-based worm?
From: Midkaemia <midkaemia () midkaemia fsnet co uk>
Date: Sun, 29 Sep 2002 23:06:32 +0100
On Friday 27 Sep 2002 9:48 pm, Troy Ablan wrote:
-- BEGIN SOURCE --
<html><head><title>Browser Plugin Requried</title>
<meta http-equiv="refresh" content="1; url=psecure20x-cgi-install.version6.01.bin.hx.com"></head>
<body><h1>Bro wser Plugin Required:</h1><br>
You may need to restart your browser for changes to take affect.<br>
Security Certificate by <a href="http://www.verisign.com">Verisign</a> 2002.<br>
MD5: 9DD756AC-80E057FC-E00703A2-F801F2E3<br><br>
Click <a href="psecure20x-cgi-install.version6.01.bin.hx.com">HERE</a> and choose "Run" to install.</body></html>
-- END SOURCE --

I don't think so. I think it's just the text of the HTML page saying that -- part of the social engineering in play to get the user to execute the worm.

-Troy
Ditto, that's what I thought as well. Basically the hacker is trying to fool the end user into thinking the page they have been asked to view (by whatever means) requires a plugin to run. The user thinks that by accepting to install the "plugin" they are being given a valid plugin signed by Verisign. It isn't, and they shouldn't run it. But hey, people will.

I suspect the "plugin" modifies the home page of the browser, or installs some other ActiveX control to make this thing work, hence the restart your browser bit. If I had a spare winxx box I would be tempted to have a look at this thing to provide more info, unfortunately I'm mid rebuild of my entire systems so I can't atm :(

It's a quite simple play on basic human ignorance, and nothing more.

Mike

--
"In their capacity as a tool, computers will be but a ripple on the surface of our culture. In their capacity as intellectual challenge, they are without precedent in the cultural history of mankind."
Edsger Wybe Dijkstra on Computers
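The lure discussed in this message can be flagged mechanically. The following Python is an added example, not part of the original post or the archive: it scans HTML for a meta refresh or link whose target is a file with an executable extension, which is what the quoted page does with a relative name ending in .com. The extension list, the function names and the trimmed sample are assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Extensions Windows executes directly; illustrative list, not exhaustive.
EXEC_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}

# Constructed sample: the lure markup quoted in the thread, trimmed to the relevant tags.
SAMPLE = ('<html><head><meta http-equiv="refresh" content="1; '
          'url=psecure20x-cgi-install.version6.01.bin.hx.com"></head><body>'
          'Click <a href="psecure20x-cgi-install.version6.01.bin.hx.com">HERE</a>'
          ' and choose "Run" to install. Security Certificate by '
          '<a href="http://www.verisign.com">Verisign</a></body></html>')


def is_executable_target(url):
    """True when url names a file with an executable extension.

    An absolute URL with an empty path (http://www.verisign.com) is a host,
    so its ".com" is a TLD; a relative reference ending in ".com" is a file.
    """
    parts = urlparse(url.strip())
    if parts.netloc and parts.path in ("", "/"):
        return False
    name = parts.path.rsplit("/", 1)[-1].lower()
    return any(name.endswith(ext) for ext in EXEC_EXTS)


class LureScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (kind, target) tuples, in document order

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content has the form "<seconds>; url=<target>"
            _, _, rest = a.get("content", "").partition(";")
            key, _, target = rest.strip().partition("=")
            if key.strip().lower() == "url" and is_executable_target(target):
                self.findings.append(("auto-redirect", target.strip()))
        elif tag == "a" and is_executable_target(a.get("href", "")):
            self.findings.append(("link", a["href"].strip()))


def scan(html):
    """Return the executable-file targets a page redirects or links to."""
    scanner = LureScanner()
    scanner.feed(html)
    return scanner.findings
```

On the sample, the scanner reports the automatic redirect and the "HERE" link, and leaves the Verisign link alone because it points at a host rather than a file.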