Last Updated: 2004-04-12 21:28:50 UTC
by Joshua Wright (Version: 1)
There is some evidence of an automated tool to generate Internet Explorer exploitative code from the following source code comment:
<!-- NEW Z.D.E.-D.B.D. w/ vu083003-H.P.S. (c) April 2004 SmartBot -->
If anyone has any additional information about this tool, please contact the Internet Storm Center.
Another suspicious user identified the presence of malware in a SCR attachment to several public USENET news groups, purportedly offering adult content of a popular pop singer. No malware is reported by Symantec Anti-virus with signatures from 4/12/2004, but strings in the executable content indicate the malware has an embedded Trojan dropper called “ExeStealth”.
Administrators should utilize anti-virus tools with malicious script blocking features and updated signatures to mitigate IE CHM attacks. Be prepared to deploy patches to resolve this serious issue once available.
IE Unauthorized Printing
A post on the BUGTRAQ mailing list indicates that an attacker can force Internet Explorer to print browser content without authorization by the user. Sample code to exploit the flaw was also made available. While this flaw does not allow an attacker to compromise a vulnerable system, it demonstrates another weakness in the popular web browser. Testing on Mozilla 1.7b on Windows XP indicates that it is not vulnerable to this flaw. Sarcasm omitted.
--Joshua Wright/Handler on duty