Honeypots mailing list archives

Re: SF new column announcement: Time to Dump IE


From: Nightslave <ravenlord () hotpop com>
Date: Thu, 24 Jun 2004 17:40:08 +0800

I guess there are many ways of doing this.
Here are a few suggestions:
1. Those who favour COM/ATL can write an IE plugin (like the Google bar) that follows a link in the page it visits or reads a list of URLs from a file.

2. A simple batch file that reads a list of URLs and executes IE,
e.g. explorer.exe %1 (but it will open one IE instance for every URL if you feed %1 from a file).

3. A server-side script, e.g. PHP or Perl, that leeches a URL and displays it in a separate frame, and makes it refresh every n seconds. I guess we can even use JavaScript with this method.

4. Automate IE using VB. Here is an example.
Just paste the following code into a Standard EXE app in Visual Basic.

----------------------------------- CUT HERE ----------------------------------------
    Private Sub Form_Load()
        Dim ie As Object
        Dim url(4) As String
        Dim i As Integer

        ' should be fed via other mechanism
        url(0) = "http://www.google.com"
        url(1) = "http://www.yahoo.com"
        url(2) = "http://www.amazon.com"
        url(3) = "http://www.ebay.com"
        url(4) = "http://www.hotmail.com"

        Set ie = CreateObject("InternetExplorer.Application")
        ' Display IE
        ie.Visible = True

        ' Start navigating the URLs
        For i = 0 To UBound(url)
            ie.navigate url(i)

            ' Yield to the message loop while IE is busy
            While ie.Busy
                DoEvents
            Wend

            ' Wait until IE has finished loading the page (4 = READYSTATE_COMPLETE)
            Do While Not ie.readyState = 4
                DoEvents
            Loop
        Next

        Set ie = Nothing
    End Sub
----------------------------------------- CUT HERE ----------------------------------------


-- Azmadi



Ahh yes, the HoneyStick idea - http://www.securityfocus.com/archive/119/289303/2004-06-19/2004-06-25/2

Good idea. Anyone have any ideas for automating/randomizing IE to connect to sites? I know that I have been dealing with clients at work who accidentally go to websites that have trojans such as Debeski - (http://vil.nai.com/vil/content/v_101057.htm). Once my security team is notified of this type of virus/trojan issue, we use VMware Windows desktops with IE to connect to these same sites and let it infect us to study it.

Now the question here is to automate this process and let it act as a spider/robot and let it out on the web to see what sites are doing this type of exploitation...

-Ryan


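The VB loop in the message above waits indefinitely if a page never finishes loading, which stalls an unattended run. As an added example (not part of the original e-mail or thread), here is the same InternetExplorer.Application automation as a VBScript for a disposable analysis VM: it visits the list in random order, bounds each visit with a timeout and logs where the browser ended up. The 30-second timeout, the example.* URLs and the helper names Visit and Shuffle are assumptions.

```vbscript
' Added example, not from the original post.
' Run inside a disposable analysis VM:  cscript //nologo visit.vbs
Option Explicit

Const TIMEOUT_SECS = 30           ' assumption: give up on a page after 30 s
Const READYSTATE_COMPLETE = 4

Dim urls, ie, i, result
' Constructed sample list; in practice feed it from a file or queue.
urls = Array("http://example.com/", "http://example.org/", "http://example.net/")
Shuffle urls

Set ie = CreateObject("InternetExplorer.Application")
ie.Visible = True
ie.Silent = True                  ' suppress dialogs that would block the loop

For i = 0 To UBound(urls)
    result = Visit(ie, urls(i))
    ' Log requested URL, outcome and final URL (redirects show up here).
    WScript.Echo Now & vbTab & urls(i) & vbTab & result & vbTab & ie.LocationURL
Next
ie.Quit
Set ie = Nothing

' Navigate and wait for completion; returns "loaded" or "timeout".
Function Visit(browser, url)
    Dim started
    started = Now
    Visit = "loaded"
    browser.Navigate url
    Do While browser.Busy Or browser.ReadyState <> READYSTATE_COMPLETE
        If DateDiff("s", started, Now) > TIMEOUT_SECS Then
            browser.Stop
            Visit = "timeout"
            Exit Do
        End If
        WScript.Sleep 250
    Loop
End Function

' Fisher-Yates shuffle, in place.
Sub Shuffle(arr)
    Dim k, j, tmp
    Randomize
    For k = UBound(arr) To 1 Step -1
        j = Int((k + 1) * Rnd)
        tmp = arr(k) : arr(k) = arr(j) : arr(j) = tmp
    Next
End Sub
```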
