Full Disclosure mailing list archives
RE: Is there a 0day vuln in this phisher's site?
From: <lists-security () nettracers com>
Date: Sat, 29 Jan 2005 22:49:39 -0800
Paul Kurczaba said : "When I went to the page, McAfee VirusScan notified me of an script it blocked on the page. The blocked script, a virus, was called "JS/Stealus.gen". After some research, I found the script "exploit(s) an Internet Explorer vulnerability resulting in Internet Explorer displaying one location in the Address bar, but actually loading the content from a different site." -http://vil.nai.com/vil/content/v_126246.htm " I can see the attempted exploit from the site in my IE browser...but is shows up in the wrong place on the screen so does not cover the URL bar. Also my Fortinet firewall does NOT detect that JS/Stealus.gen ....but it did give me this once when going to this site: tcp_decoder: tcp_bad_checksum, len: 0x14, checksum: 0x631d, should be 0xee26,[Reference: http://www.fortinet.com/ids/ID108658693] ...and allows this attempt to get through. - Bryan K. Watson - bwatson () nettracers com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Is there a 0day vuln in this phisher's site? lists-security (Jan 29)
- RE: Is there a 0day vuln in this phisher's site? Paul Kurczaba (Jan 29)
- RE: Is there a 0day vuln in this phisher's site? lists-security (Jan 29)
- Re: Is there a 0day vuln in this phisher's site? morning_wood (Jan 30)
- Re: Is there a 0day vuln in this phisher's site? Andrew Clover (Jan 30)
- RE: Is there a 0day vuln in this phisher's site? Larry Seltzer (Jan 30)
- Re: Is there a 0day vuln in this phisher's site? Thierry Zoller (Jan 30)
- Re: Is there a 0day vuln in this phisher's site? Andrew Clover (Jan 30)
- RE: Is there a 0day vuln in this phisher's site? lists-security (Jan 29)
- RE: Is there a 0day vuln in this phisher's site? Paul Kurczaba (Jan 29)