Vulnerability Development mailing list archives
RE: Unscrupulous websites installing apps
From: "Dom De Vitto" <Dom () DeVitto com>
Date: Fri, 14 Sep 2001 20:02:43 +0100
Finjan's site also has a number of tests, including one page which just creates a directory on your desktop and copies some files into it.

Which, I must say as an independent consultant, are frikkin good, especially the desktop version - which checks HTTPS too. It's great for explaining to management why you need Finjan products....

....but only really applicable to high security environments. (banks, FIs etc)

Dom

-----Original Message-----
From: Nexus [mailto:nexus () patrol i-way co uk]
Sent: 14 September 2001 15:27
To: Jeff Miller; vuln-dev () securityfocus com
Subject: Re: Unscrupulous websites installing apps

Here's a few things that I use to prevent such things from starting:

Utility to disable WSH
http://www.symantec.com/avcenter/venc/data/win.script.hosting.html

Finjan's freeware anti exe/vbs/java/activex/etc jobbie
http://www.finjan.com/surfinguard/

And a stack of Pop-Up killers (not security per se, but stops the annoying little barstewards)
http://www.freewareandstuff.com/popup.html

#include the_same_old_disable_java_in_your_browser_comment.h

Cheers,
JJ

----- Original Message -----
From: "Jeff Miller" <jrm.wa () verizon net>
To: <vuln-dev () securityfocus com>
Sent: Thursday, September 13, 2001 7:50 PM
Subject: Unscrupulous websites installing apps

I have a user who *somehow* got caught in one of those websites with cascading window traps that opened up a bunch of new browser windows for him. One of those windows was a prompt to install a program with the choices YES and NO. He clicked the x in the corner instead, only to find that somehow a program had been installed into his program files dir complete with a shortcut in the start menu.

I haven't seen this, but I'm wondering if it's possible for someone to defeat IE's security that easily and actually install an application. Does anyone know how this is done? Sorry I don't have any examples.