Security Incidents mailing list archives
Re: AIM Password theft
From: "Lothar Kimmeringer" <bugtraq () kimmeringer de>
Date: Wed, 24 Sep 2003 01:44:23 +0200
On Tue, 23 Sep 2003 10:53:59 -0400, Mark Coleman wrote:
I just started investigating a report that appears to have merit of a username/password theft of AIM accounts. Users are being directed to a web page located at www.haxr.org where the source appears to run a javascript program that is purportedly stealing AIM usernames/passwords/buddy lists. Does anyone have any information related to www.haxr.org or the technique being used?
The technique uses a flaw in Internet Explorer with the OBJECT-tag allowing code to be executed locally that is loaded from a website. The tag

<object data=tracker.php></object>

lets IE download an HTML-application that will be executed after loading.

A testpage where you can test your locally installed Internet Explorer for being vulnerable can be found at
http://www.heise.de/security/dienste/browsercheck/demos/ie/htacheck.shtml

If your installation is vulnerable, a program will be downloaded to C:\browsercheck.exe that will be executed afterwards, leading to a window popping up. The page is in German.

Regards, Lothar

--
Lothar Kimmeringer E-Mail: mailbody () kimmeringer de
PGP-encrypted mails preferred (Key-ID: 0x8BC3CD81)
Always remember: The answer is forty-two, there can only be wrong questions!
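For triaging saved pages or proxy captures for the tag described in the message above, a small scanner can list every <object> element that loads external data. This is an added example, not part of the original post; the passive-type list, the priority labels, the base URL and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

# Assumption: declared MIME prefixes treated as lower priority during triage.
# The declared type is only the page author's claim, so nothing is skipped.
PASSIVE_TYPES = ("image/", "audio/", "video/")


class ObjectTagAudit(HTMLParser):
    """Collects <object> elements that carry a data attribute."""

    def __init__(self, base_url):
        super().__init__(convert_charrefs=True)
        self.base_url = base_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names and accepts
        # unquoted values such as data=tracker.php.
        if tag != "object":
            return
        attr = {name: (value or "") for name, value in attrs}
        if not attr.get("data"):
            return
        declared = attr.get("type", "").strip().lower()
        passive = declared.startswith(PASSIVE_TYPES)
        self.findings.append({
            "line": self.getpos()[0],
            "data": urljoin(self.base_url, attr["data"]),
            "declared_type": declared or None,
            "priority": "low" if passive else "high",
        })


def audit_html(html, base_url):
    """Return one finding per <object data=...> element in the page."""
    parser = ObjectTagAudit(base_url)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page, not taken from the site named in the thread.
SAMPLE = """<html><body>
<object data="logo.png" type="image/png"></object>
<OBJECT DATA=tracker.php></OBJECT>
</body></html>"""

if __name__ == "__main__":
    for finding in audit_html(SAMPLE, "http://example.test/page.html"):
        print(finding)
```

High-priority findings are the ones to follow up by checking what the referenced URL actually serves.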