Bugtraq mailing list archives
RE: AIM Password theft
From: "Drew Copley" <dcopley () eeye com>
Date: Wed, 24 Sep 2003 10:18:09 -0700
It is a zero day bug, one of two found in IE this past two weeks. It was publically disclosed. Apparently, someone is using it. Which is not a surprise. Jelmer's Bug: http://lists.netsys.com/pipermail/full-disclosure/2003-September/010013.html A fix for this issue: http://lists.netsys.com/pipermail/full-disclosure/2003-September/010042.html Or, you can turn off Activex and Javascript... But, most people will not do that, and you might as well kill this component anyway.
-----Original Message----- From: Brent Meshier [mailto:brent () meshier com] Sent: Tuesday, September 23, 2003 12:13 PM To: bugtraq () lists securityfocus com Subject: Re: AIM Password theft Mark, The code you just sent looks familiar to a SPAM I received attempting to hijack users' e-gold accounts. Out of curiosity I followed that link which loaded start.html (attached). What worries me is that I'm running IE 6.0.2800.1106 with all the latest patches from Microsoft and this page (start.html) rewrote wmplayer.exe on my local drive without notice. After closing the page, I found two .exe files on my desktop (which loaded from http://doz.linux162.onway.net/eg/1.exe). Is this a new unknown vulnerability? Brent Meshier Global Transport Logistics, Inc. http://www.gtlogistics.com/ "Innovative Fulfillment Solutions" -----Original Message----- From: Mark Coleman [mailto:markc () uniontown com] Sent: Tuesday, September 23, 2003 11:43 AM To: bugtraq () securityfocus org Subject: [Fwd: Re: AIM Password theft] Hi, can anyone shed some light on this for me? If this is new, its going to spread like wildfire. AOL or incidents lists have yet to reply.... it appears to be a legitimate threat as I have at least one user "infected" already.. Thank you.. -Mark Coleman
Current thread:
- Re: AIM Password theft Brent Meshier (Sep 24)
- Re: AIM Password theft jelmer (Sep 24)
- Re: AIM Password theft Eric Joe (Sep 24)
- RE: AIM Password theft Drew Copley (Sep 24)
- <Possible follow-ups>
- Re: AIM Password theft http-equiv () excite com (Sep 24)