Mar 4 2005, 10:10 AM
Post
#1
AntiSlyware.com Group: Malware Expert Posts: 984 Joined: 10-May 03 From: Great Country Of Texas Member No.: 5 Operating System: ...
If you want to point someone at this post:
http://TomCoyote.org/Theory/ that link will bring you to here

My apologies if anyone takes anything said against their browser, their surfing, their computer, their dogs or their cats, this is just a conversation that needs to be thought about

[ 09:39:25 ] [ @Efwis ] I had fun the other night, was surfing the web for a neildiamond song, got nailed with a major hijacking
[ 09:39:33 ] [ @Efwis ] *Neil Diamond
[ 09:39:43 ] [ @Coyote` ] neil will do that to you
[ 09:39:54 ] [ @Coyote` ] go with Pink Floyd next time
[ 09:40:45 ] [ @Efwis ] heh, hit me with 180solutions, l2m, 10 viruses 2 trojan downloaders, a java exploit, and a homepage hijack, went right around Moz and nailed IE
[ 09:40:46 ] [ @Coyote` ] it's a crying shame that no one is safe looking for things nowadays
[ 09:41:12 ] [ @Efwis ] oh I forgot ISTVbar and sidesearch
[ 09:41:41 ] [ @Coyote` ] let's say you have IE secure, and you use another browser
[ 09:42:31 ] [ @Coyote` ] this other browser allows something to happen that bypasses the first block you have built into IE say Iespyads, thus IE is now a target again through this other browser
[ 09:42:44 ] [ @Coyote` ] this IS just a theory btw
[ 09:42:51 ] [ @Coyote` ] but it is possible
[ 09:43:31 ] [ @Coyote` ] now if you go to that same site in IE, nothing happens because your first block stopped it
[ 09:43:45 ] [ @Efwis ] i'm looked in my IE_Spyad files, this page isn't even listed, although it should be, I think i will contact Eric Howes and he can add it to his next update
[ 09:44:11 ] [ @Coyote` ] are you in the classroom?
[ 09:44:18 ] [ @Efwis ] yeah, your theory has merit and is probably quite accurate
[ 09:44:22 ] [ @Efwis ] yes I am
[ 09:44:32 ] [ @Coyote` ] have you been keeping up with wng_z3r0's problem that I have posted to?
[ 09:44:45 ] [ @Efwis ] no, got a link?
[ 09:44:53 ] [ @Coyote` ] http://forums.tomcoyote.org/index.php?act=...ndpost&p=137765
[ 09:45:08 ] [ @Coyote` ] took 4 pages of posts to finally get to the root of the problem
[ 09:45:26 ] [ @Efwis ] looking
[ 09:45:41 ] [ @Coyote` ] his shell browser covering IE allowed something IE wouldn't
[ 09:46:31 ] [ @Coyote` ] not so much a theory anymore
[ 09:48:00 ] [ @bozodog ] are you saying that Mozilla can let stuff through to IE and beyond?
[ 09:48:50 ] [ @Coyote` ] I am not saying anything about moz, I am saying it is a possibility that an alternate browser can let things bypass to IE and therefore cause problems
[ 09:49:44 ] [ @Coyote` ] and by them bypassing to IE, IE's protections can be bypassed that normally wouldn't if IE was in use instead of the alternate
[ 09:50:29 ] [ @bozodog ] err.. I think I understand
[ 09:51:01 ] [ @Coyote` ] it's like a layer effect, you have layers of protections you set in place, using an alternate browser, you can possibly bypass a layer or two which in turn can lead to your being infected
[ 09:51:36 ] [ @Coyote` ] it may not go in the front door but it might find a side window
[ 09:51:37 ] [ @bozodog ] Ahh..
[ 09:52:45 ] [ @Coyote` ] I won't say that it is possible with any particular browser, I think in fact it may be possible with any browser
[ 09:53:03 ] [ @Coyote` ] but this is only theory at this point
[ 09:53:24 ] [ @Coyote` ] some script kiddie will strive to make it happen on a regular basis eventually
[ 09:54:10 ] [ @bozodog ] sounds like a solid thought... they are getting better at mucking up our systems..
[ 09:54:36 ] [ @Coyote` ] well, the problem itself goes back to windows,
[ 09:54:53 ] [ @Coyote` ] windows is made to accommodate users of limited knowledge
[ 09:55:06 ] [ @bozodog ] but doesn't your AV, etc... do its job in that case?
[ 09:55:09 ] [ @Coyote` ] so that in itself is preyed upon by the kiddies
[ 09:55:36 ] [ @Coyote` ] AV is only one part of an overall solution and it lacks a great deal of the overall protection
[ 09:56:07 ] [ @Coyote` ] the AV chosen also plays a part in how that is defined
[ 09:56:42 ] [ @Coyote` ] several AV's have weak real time scanning engines that fail at the sight of any infection
[ 09:57:15 ] [ @Coyote` ] real time scanning engines are the only way to truly combat virus and trojans
[ 09:57:28 ] [ @bozodog ] I only use Avast free... and spywareblaster etc..
[ 09:57:42 ] [ @Coyote` ] I have not tried Avast
[ 09:57:51 ] [ @Coyote` ] so I cannot comment on it
[ 09:58:27 ] [ @bozodog ] it sure updates often, (2-3 times a day at times)
[ 09:58:51 ] [ @Coyote` ] I hope that is because they are adding to the database and not correcting mistakes
[ 09:58:58 ] [ @bozodog ] and scares the heck outa me when some baddie tries to get in
[ 09:59:15 ] [ @bozodog ] yeah, it's data
[ 09:59:34 ] [ @Coyote` ] well, you can't tell from the updating
[ 09:59:53 ] [ @Coyote` ] you would have to dissect each dataflow
[ 10:00:03 ] [ @Coyote` ] and know what coding they use
[ 10:00:51 ] [ @Efwis ] from looking at that post, i would say you are correct Tom, no longer a theory but a proven fact
[ 10:01:15 ] [ @bozodog ] of course I don't surf the back alleys, or p2p stuff
[ 10:01:24 ] [ @Coyote` ] well, fact for his situation, theory for other browsers at this point
[ 10:01:52 ] [ @Coyote` ] bozodog look at what happened to Efwis looking for a neil diamond song
[ 10:01:59 ] [ @Efwis ] based on what happened to me it's a fact for Moz too
[ 10:02:01 ] [ @bozodog ] yep
[ 10:02:30 ] [ @bozodog ] do you use Moz or FF?
[ 10:02:31 ] [ @Coyote` ] I hate it when I am correct about some of these theories but I am right too many times
[ 10:02:48 ] [ @Efwis ] i went there with my IE yesterday, nothing happened, all my protections worked correctly
[ 10:03:13 ] [ @bozodog ] you're like a hound dog.. you can sniff out problems
[ 10:03:13 ] [ @Efwis ] so I am inclined to believe it is something actually programmed into the html code
[ 10:03:40 ] [ @Efwis ] he is good at what he does, and I like his info, because he usually is correct bd
[ 10:04:23 ] [ @bozodog ] don't I know it... he knows I have the highest respect for what he says
Mar 5 2005, 01:05 PM
Post
#2
AntiSlyware.com Group: Malware Expert Posts: 984 Joined: 10-May 03 From: Great Country Of Texas Member No.: 5 Operating System: ...
It is always your choice as to what to use. I have always said, though, that if you don't protect IE then you are in for a surprise. Now, though, even with protecting IE you could have a problem, so it is not that simple anymore given the above situation. Should you switch back to IE and give up what you want? That you will have to answer for yourself; it is your computer.