Malware without user intervention?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I've read some news about various malware that can infect your computer
without user intervention, such as simply visiting a Web site or reading an
e-mail but not opening an attachment; further, the news has said that it can
infect even if your system is fully patched with Microsoft patches.

Now, after telling someone that such malware exists, I cannot find any
supporting information. Can someone direct me to said new source?


Re: Malware without user intervention?

wrote:

Quoted text here. Click to load it

Insofar as visiting web sites, the problem is unpatched
vulnerabilities that are exploited. Vulnerabilites are being
found all the time. It's best to  browse without java and
java script enabled, and with IE do not enable activex.
While browsers such as Firefox and Opera have a history
of known vulnerabilities, I've never heard of any actual
exploits before the browsers were fixed. That's why the
use of _current version_ alternate browsers is
recommended.

Insofar as simply reading a email message, I'm not aware
of any current problems with any email apps. Long ago,
Outlook Express had unpatched vulnerabilities that were
exploited with malware such as KAK and Bubbleboy. Your
your main concern is with email attachments, not messages.

Art
http://home.epix.net/~artnpeg

Re: Malware without user intervention?

Art wrote:
[snip]
Quoted text here. Click to load it

while kak and bubbleboy were actually *contained* in the body of the
emails, the OP mentioned worms that simply didn't require you to open an
attachment, not that there weren't any attachments... i'm sure if you
think back you'll recall discussions of outlook [express] exploits for
auto-executing attachments...

also, js/yamanner is a current worm that can reside within the body of
the email...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: Malware without user intervention?

wrote:

Quoted text here. Click to load it

And only affected (note past tense) Yahoo email ... a idiotic service
requiring that javascript be enabled in your browser :(

http://abcnews.go.com/Technology/wireStory?id=2071693&technology=true

Art
http://home.epix.net/~artnpeg

Re: Malware without user intervention?

On that special day, kurt wismer, (kurtw@sympatico.ca) said...

Quoted text here. Click to load it

The Gibe exploited the "multimedia preview" feature of Outlook
(Express) which would "play" every attachment that declared itself as a
music file, until it was fixed in version 5.x SP2. How again was that
named? False MIMEtype something?


Gabriele Neukam

Gabriele.Spamfighter.Neukam@t-online.de


--
Ah, Information. A property, too valuable these days, to give it away,
just so, at no cost.

Re: Malware without user intervention?


Quoted text here. Click to load it

Yeah - more like "incorrect MIME type exploit" if one wants to Google
it up.



Re: Malware without user intervention?


Quoted text here. Click to load it

<snip>

I presume you consider me to be a arse not so much because
I consider you to be a hot-air vxer kook but more basically
because I'm so decidedly ANTI malware. It's a case of the
pot calling the kettle black since vxers are the actual arses.

Or am I being overly presumptuous? Are you one of those
vxers who claim to be interested in malicious code only for
academic and legit reasons and purposes exclusively? You've
never ever released some shitty creation on the public,
potentially or actually causing grief and lost time/money to
others? It certainly appears that at the very least you
encourage others to do so. And that is enough to make
me say, f*** YOU!

:)

Art
http://home.epix.net/~artnpeg
 


Re: Malware without user intervention?

wrote:

Quoted text here. Click to load it

Lets not forget about network worms... Blaster, Sasser and the likes.

--
Regards, Ian Kenefick
http://www.IK-CS.com
Error: Keyboard not attached. Press F1 to continue.

Re: Malware without user intervention?

Fenton wrote:
Quoted text here. Click to load it

through any number of active content technologies such as activex,
javascript, java, etc... they aren't supposed to allow the installation
of malware, but nothing is perfect... plenty of spyware seems to get
installed though such techniques...

Quoted text here. Click to load it

the recent news stories about js/yamanner (the email worm affecting
yahoo mail) was just such an example...

Quoted text here. Click to load it

having all the patches microsoft makes is not the same as having all the
security holes patched or even having all the known security holes
patched... microsoft is notorious for leaving security holes open for a
while before issuing a patch for them... they're very reluctant to
release patches 'out of cycle' (meaning outside of their normal '2nd
tuesday of the month' schedule)...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: Malware without user intervention?

spam@thankyou.com says...
Quoted text here. Click to load it
The stuff I've seen at our site which required least user input was in offices
with
small groups of machines which shared drives. They'd never thought to set up any
protection on that sharing, and so a virus - I forget which it was, now - spread
from
one machine to the next just because they were all switched on.
--
News: use seven bits;
or accept you cannot know
how it looks elsewhere.

Site Timeline