OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Midkaemia (midkaemia_at_midkaemia.fsnet.co.uk)
Date: Sun Sep 29 2002 - 17:06:32 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    On Friday 27 Sep 2002 9:48 pm, Troy Ablan wrote:
    > > > -- BEGIN SOURCE --
    > > >
    > > > <html><head><title>Browser Plugin Requried</title><meta
    > > > http-equiv="refresh" content="1;
    > > > url=psecure20x-cgi-install.version6.01.bin.hx.com"></head><body><h1>Bro
    > > >wser Plugin Required:</h1><br>You may need to restart your browser for
    > > > changes to take affect.<br>Security Certificate by <a
    > > > href="http://www.verisign.com">Verisign</a> 2002.<br>MD5:
    > > > 9DD756AC-80E057FC-E00703A2-F801F2E3<br><br>Click <a
    > > > href="psecure20x-cgi-install.version6.01.bin.hx.com">HERE</a> and
    > > > choose "Run" to install.</body></html>
    > > >
    > > > -- END SOURCE --

    > I don't think so. I think it's just the text of the HTML page saying
    > that -- part of the social engineering in play to get the user to execute
    > the worm.
    >
    > -Troy

    Ditto, that's what I thought as well.

    Basically the hacker is trying to fool the end user into thinking the page
    they have been asked to view (by whatever means) requires a plugin to run.
    The user thinks that by accepting to install the "plugin" they are being
    given a valid plugin signed by verisign. It isn't, and they shouldn't run it.
    But hey, people will. I suspect the "plugin" modifies the home page of the
    browser, or installs some other activeX control to make this thing work,
    hence the restart your browser bit.

    If I had a spare winxx box I would be tempted to have a look at this thing to
    provide more info, unfortunately I'm mid rebuild of my entire systems so I
    can't atm :(

    It's a quite simple play on basic human ignorance, and nothing more.

    Mike 

    -- 
_______________________________________________________________________
 "In their capacity as a tool, computers will be but a ripple on the 
   surface of our culture. In their capacity as intellectual challenge, 
   they are without precedent in the cultural history of mankind." 
	Edsger Wybe Dijkstra on Computers

    ----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com