-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi everyone,

I have gotten a lot of on-list and off-list mail about the link I sent out. I would like to clarify a few things.

First, it only appears to work with XP, IE 6 and all patches installed. Other versions of Win and IE do not appear vulnerable.

Second, there is a question of whether or not this is a virus (as it appears some anti-virus programs are flagging it and I am getting much hate mail). According to Trend Micro's site: "CIDEXPLOIT.B, CIDEXPLOIT Description: This malware uses an Internet Explorer exploit to execute program files on the infected user's computer. Upon execution, it runs files in its command list." So basically it is being flagged as a virus when it is really not. It does not replicate (something characteristic of viri) nor does it carry a malicious "payload". It is the same FUD that happens when you run the Sub7 client and the anti-virus program tells you it is a Trojan when it is clearly not. The same with AIM filter, which it classifies as a back door.

Finally, I would like to touch on why I made the point about firewalls not stopping it. This is not because I think firewalls should stop the attack; I merely thought that because we have a lot of people who are new to security they should be aware that having a firewall is not enough. Firewalls will not and cannot stop these types of attacks (IDS might be another story). I didn't mean to confuse anyone or cloud any issues.

In closing, I would like to say sorry to the group if I upset anyone and reiterate a point that everyone should know: if you don't trust something you find on a public mailing list, ignore it. I don't feel I was irresponsible in posting this. We have seen Trojans posted to both bugtraq and vuln-dev (this of course is not destructive as the code I am referring to was). It is a classic case of the buyer (user?) beware.

So in summary, this is a harmless proof-of-concept exploit that only appears to affect XP with IE 6 and all patches.
Some anti-virus programs flag it as a virus when it is not harmful (just delete the files from your IE cache if worried). And again I apologize for upsetting anyone (if you only saw the hate mail). I am here to teach and most importantly be taught. Thanks again for the positive e-mail I received (you know who you people are).

Regards,
Leon

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBPIgoT9qAgf0xoaEuEQKNoQCghsmcspZyQiknE2xhE4xZ6Zv5SvYAnjj8
uEvpTG2VbiC2wBR134L6bopq
=T6fR
-----END PGP SIGNATURE-----
