WebWork Magazin - Webseiten erstellen lassen, Online Medien, html

Webhoster, Webhosting Provider und Domain registrieren

Home | Registrieren | Einloggen | Suchen | Aktuelles | GSL-Webservice | Suleitec Webhosting
Reparatur-Forum | Elektro forum | Ersatzteilshop Haushalt und Elektronik



Im Homepage und Webhosting-Forum --- IFrames

Aktuelles und Kontroverses aus der Netzwelt, Hosting, Provider

Forum » Internet & Co » IFrames - 15 Nov 2018 Antworten
im Forum für Webhosting Homepage gefunden:
IFrames
Can
Halbgott
Threadstarter




Beiträge: 1328

Win32.Bugbear.B@mm ist ein Internet Wurm der sich per E-Mail verbreitet.

Er benutzt die IFRAME Schwachstelle, um sich ohne Benutzereingriff auszuführen.


Weiß jemand, was mit der IFrame-Schwachstelle gemeint ist, und in welchem Browser die besteht?

Can

---
"S-púrlawits'chkâ A-ngáse gûrewüdíx" - Zaphrot Bibelprox

  Profil   E-Mail   Editieren   Zitieren
Marcus
Forenheld




Beiträge: 885

Wohl das hier:

Exploit.IFrame.FileDownload


Exploit takes advantage of a security breach in MS Internet Explorer 5.01, 5.5 and Outlook.

Some Internet worms use this breach to activate themselves from HTML e-mail messages. Examples of such worms are: Aliz, BadtransII, Nimda, and Toil.

This vulnerability allows for the opening or previewing of an infected HTML e-mail message to activate any file or program attached to a message without any security warning from MS Internet Explorer. This breach may also be used in any HTML page (as I-Worm.Nimda does).

This security breach in MS Internet Explorer was discovered in March 2001, and described in the Microsoft Security Bulletin at http://www.microsoft.com/technet/security/bulletin /MS01-020.asp.

The patch eliminating this breach was released by Microsoft on 29 March 2001, and is available for downloading at http://www.microsoft.com/windows/ie/downloads/crit ical/q290108/default.asp.


Quelle: http://www.zdnet.de/itsupport/virencenter/dict/virus/virus4317-wc.html

Und weiter:

A new variation of the Bugbear worm of last September is spreading rapidly across the Internet. Bugbear.b (w32.bugbear.b@mm) is written in Visual C and has been compressed to 72,192 bytes. It is similar to the original Bugbear worm in that it spreads by e-mail or shared network files, attempts to shut down popular antivirus and firewall apps, and opens a port on infected computers for remote administration. Bugbear.b contains a keystroke-logging Trojan horse that could be used to steal passwords or credit-card information from infected computers. Bugbear infects all versions of Windows, but does not infect Mac, Unix, or Linux systems. Because Bugbear is spreading rapidly via e-mail and could steal personal information, this worm rates a 7 on the ZDNet Virus Meter.




How it works
Bugbear contains its own SMTP engine and uses Microsoft Outlook to send copies of itself to all e-mail addresses found on an infected system. It will avoid addresses containing such words as mailer-daemon, postmaster, and spam. The subject of the e-mail is either selected from a long list of variations or taken from a random filename on an infected computer. The body text of the e-mail may contain the I-Frame exploit. Users who have not installed the patch MS01-020 from Microsoft may find that the virus will automatically execute whether or not they open the e-mail in Microsoft Outlook. The attached file has an .exe, .scr, or .pif extension. Bugbear is also capable of attaching two extensions to the attached e-mail file, such as File.xls.exe.

On a network, Bugbear.b waits after infecting the first computer before searching the network drives for additional victims. It tries to infect files in either Program Files or in the Windows folder itself, including those in this list from the antivirus-software vendor F-Secure:

winzipwinzip32.exe
kazaakazaa.exe
ICQIcq.exe
DAPDAP.exe
Winampwinamp.exe
AIM95aim.exe
LavasoftAd-aware 6Ad-aware.exe
TrillianTrillian.exe
Zone LabsZoneAlarmZoneAlarm.exe
StreamCastMorpheusMorpheus.exe
QuickTimeQuickTimePlayer.exe
WS_FTPWS_FTP95.exe
MSN Messengermsnmsgr.exe
ACDSee32ACDSee32.exe
AdobeAcrobat 4.0ReaderAcroRd32.exe
CuteFTPcutftp32.exe
FarFar.exe
Outlook Expressmsimn.exe
RealRealPlayerrealplay.exe
Windows Media Playermplayer2.exe
WinRARWinRAR.exe
adobeacrobat 5.0readeracrord32.exe
Internet Exploreriexplore.exe
winhelp.exenotepad.exe
hh.exe
mplayer.exe
regedit.exe
scandskw.exe

Bugbear also attempts to terminate any active antivirus and firewall software.

The worm installs a keystroke-logging app in the WindowsSystem directory. The keystroke-logging app uses a random name that contains seven characters followed by .dll.

Finally, the worm opens TCP port 1080 to listen for additional commands or to allow a remote attacker access to the infected system.

Prevention
Users who have not installed the I-Frame patch (MS01-020) should do so. In general, do not open attached files in e-mail without first saving them to hard disk and scanning them with updated antivirus software. Contact your antivirus vendor to obtain the most current antivirus signature files that include Bugbear.b.

Removal
Almost all the antivirus software companies have updated their signature files to include this worm. This will stop the infection upon contact and in some cases will remove an active infection from your system. For more information, see Central Command, Computer Associates, F-Secure, iDefense,McAfee, Messagelabs, Norman, Panda, Sophos, Symantec, and Trend Micro.



Diese Nachricht wurde geändert von: Marcus
  Profil   E-Mail   Editieren   Zitieren
Can
Halbgott
Threadstarter




Beiträge: 1328

Und auf der Download-Page für das Patch:

Note: This update is included in Internet Explorer 5.01 Service Pack 2.


Heißt also, im IE 6 besteht die Lücke nicht mehr

---
"S-púrlawits'chkâ A-ngáse gûrewüdíx" - Zaphrot Bibelprox

  Profil   E-Mail   Editieren   Zitieren
Marcus
Forenheld




Beiträge: 885

Doch, <5.5 und >6SP1 sind aber nicht mehr infizierbar:

GreyMagic Security Advisory GM#011-IE
=====================================

By GreyMagic Software, Israel.
15 Oct 2002.

Available in HTML format at http://security.greymagic.com/adv/gm011-ie/.

Topic: Internet Explorer : The D-Day.

Discovery date: 26 Sep 2002.

Affected applications:
======================

Microsoft Internet Explorer 5.5 and 6.0; prior versions and IE6 SP1 are not
vulnerable.

Note that any other application that uses Internet Explorer's engine
(WebBrowser control) is affected as well (Outlook under the Internet zone,
MSN Explorer, etc.).


Introduction:
=============

The and


Solution:
=========

Until a patch becomes available either disable Active Scripting or upgrade
to IE6 SP1.


Tested on:
==========

IE5.5 Win98.
IE5.5 NT4.
IE6 Win98.
IE6 Win2000.
IE6 WinXP.


Demonstration:
==============

We put together four proof-of-concept demonstrations:

* Simple: Reads the client's "google.com" cookie.
* D-Day Console: Automatically load and execute commands on any site.
* D-Day Reading: Read local files by accessing a res:// URL.
* D-Day Execution: Execute arbitrary programs by accessing a res:// URL.

They can all be found at http://security.greymagic.com/adv/gm011-ie/.


Feedback:
=========

Please mail any questions or comments to security@greymagic.com.

- Copyright © 2002 GreyMagic Software.


Quelle: http://packetstorm.widexs.nl/0210-exploits/gm011-ie.txt

Auch Programme sind ausführbar, bei 5.1 und 5.5

Diese Nachricht wurde geändert von: Marcus
  Profil   E-Mail   Editieren   Zitieren
 

Antworten
Forum » Internet & Co » IFrames

Aktuelle Beiträge zur Hilfe im Forum für Homepage - IFrames im Forum Homepage Hosting AntwortenLetztes Posting
DSGVO konforme Webseite
in "Internet & Co"
2 15.11.2018 08:32 von Muller
Online Marketing Agentur
in "Internet & Co"
10 29.10.2018 21:41 von andyy
Suche gute IT Fachleute
in "Internet & Co"
4 26.10.2018 14:40 von minad
Shop für Druckereibedarf im Internet?
in "Internet & Co"
3 26.10.2018 14:39 von minad
Infos zu EAN Nummer
in "Internet & Co"
1 16.10.2018 23:41 von hardtjulia
Günstige Werbeartikel?
in "Internet & Co"
10 14.10.2018 22:49 von andyy
Wie schnell ist eure internet?
in "Internet & Co"
8 12.10.2018 09:21 von Galvaho
DSGVO - Wer braucht einen Datenschutzbeauftragten?
in "Internet & Co"
4 03.10.2018 23:28 von Isasimon
Lernen online von zu Hause
in "Internet & Co"
1 01.10.2018 08:10 von norbertofahey
Affiliate Projekt starten
in "Internet & Co"
4 30.09.2018 16:43 von andyy
Smartphone gesucht
in "Internet & Co"
1 28.09.2018 23:31 von floriw
Internetverbindung ohne Ausfälle?
in "Internet & Co"
5 26.09.2018 23:50 von Galvaho
Platz 1
in "Internet & Co"
4 22.09.2018 08:00 von Galvaho
WLAN sicher?
in "Internet & Co"
7 19.09.2018 02:19 von Isasimon
Aufkleber drucken lassen
in "Internet & Co"
5 17.09.2018 16:41 von Robeni
Individuelles Mousepad
in "Internet & Co"
4 13.09.2018 12:16 von Maren
Yogamatte
in "Internet & Co"
4 13.09.2018 08:38 von Barbara_Sch



Besucher : 5829539    Heute : 730     Gestern : 1572     Online : 55     15.11.2018    12:16      0 Besucher in den letzten 60 Sekunden        
Nach oben