Microsoft Windows Vista Community Forums - Vistaheads
browser Exploit question

microsoft.public.internetexplorer.general






  #1 (permalink)  
Old 07-24-2009
Rage Skywolfe
 

Posts: n/a
browser Exploit question
I got a couple of webshield warnings that listed two exploits, one of those
being Microsoft video streaming ActiveX (type 704), which I believe was
patched, and JavaScript Obfuscation (type 643). And earlier I came across this
that was on the Bing site, which was also caught by the shield:

"Virus found HTML/Framer";"www.bing.com/captionHandler.aspx?IG=623aeaa144c9495998a7a10c279 06279&pu=http%3A%2F%2Fzyejanag.cn%2Frf%2FrepeatWas .pdf&IID=SERP.1&d=230704357822&w=23900be1,d25ae3fe &q=zyejanag.cn";"";"7/24/2009, 10:22:10 AM";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"

(Firefox, in this case, is what the browser was when it came up.) My
question is what are the symptoms of exploits exactly, and has the webshield
caught it as well as what I listed above?
--
Four Generations Of Trust And Betrayal...One Legacy

Skywolfe
  #2 (permalink)  
Old 07-24-2009
PA Bear [MS MVP]
 

Posts: n/a
Re: browser Exploit question
Is the computer running WinXP SP3 and is it fully patched at Windows Update?

Rage Skywolfe wrote:
> I got a couple of webshield warnings that listed two exploits one of those
> being microsoft video streaming active x (type 704) which I believe was
> patched and JavaScript Obfuscation (type 643). and earlier I came across
> this that was on the bing site which was also caught by the shield.
> "Virus
> found
>
> HTML/Framer";"www.bing.com/captionHandler.aspx?IG=623aeaa144c9495998a7a10c279 06279&pu=http%3A%2F%2Fzyejanag.cn%2Frf%2FrepeatWas .pdf&IID=SERP.1&d=230704357822&w=23900be1,d25ae3fe &q=zyejanag.cn";"";"7/24/2009,
> 10:22:10 AM";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
>
> (firefox being in this case is what the browser was when it came up) my
> question is what are the symptoms of exploits exactly. and has the
> webshield
> caught it as well as what I listed above.


  #3 (permalink)  
Old 07-24-2009
Rage Skywolfe
 

Posts: n/a
Re: browser Exploit question
yes. and I forgot to give what I was running out. I am also running IE8 and
on firefox it is the latest version installed.
--
Four Generations Of Trust And Betrayal...One Legacy

Skywolfe


"PA Bear [MS MVP]" wrote:

> Is the computer running WinXP SP3 and is it fully patched at Windows Update?
>
> Rage Skywolfe wrote:
> > I got a couple of webshield warnings that listed two exploits one of those
> > being microsoft video streaming active x (type 704) which I believe was
> > patched and JavaScript Obfuscation (type 643). and earlier I came across
> > this that was on the bing site which was also caught by the shield.
> > "Virus
> > found
> >
> > HTML/Framer";"www.bing.com/captionHandler.aspx?IG=623aeaa144c9495998a7a10c279 06279&pu=http%3A%2F%2Fzyejanag.cn%2Frf%2FrepeatWas .pdf&IID=SERP.1&d=230704357822&w=23900be1,d25ae3fe &q=zyejanag.cn";"";"7/24/2009,
> > 10:22:10 AM";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
> >
> > (firefox being in this case is what the browser was when it came up) my
> > question is what are the symptoms of exploits exactly. and has the
> > webshield
> > caught it as well as what I listed above.

>
>

  #4 (permalink)  
Old 07-24-2009
VanguardLH
 

Posts: n/a
Re: browser Exploit question
Rage Skywolfe wrote:

> I got a couple of webshield warnings that listed two exploits one of
> those being microsoft video streaming active x (type 704) which I
> believe was patched and JavaScript Obfuscation (type 643). and
> earlier I came across this that was on the bing site which was also
> caught by the shield. "Virus found
>
> HTML/Framer";"www.bing.com/captionHandler.aspx?IG=623aeaa144c9495998a7a10c279 06279&pu=http%3A%2F%2Fzyejanag.cn%2Frf%2FrepeatWas .pdf&IID=SERP.1&d=230704357822&w=23900be1,d25ae3fe &q=zyejanag.cn";"";"7/24/2009,
> 10:22:10 AM";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
>
> (firefox being in this case is what the browser was when it came up)
> my question is what are the symptoms of exploits exactly. and has the
> webshield caught it as well as what I listed above.


The .Chinese zyejanag.cn site is attempting to use the AX exploit. That
your unidentified "web shield" security program caught it means that it
should have blocked that web page from even loading or blocked the
malicious content on it. Since it alerted means it protected you.
Obviously your unidentified security program already caught the exploit.
Presumably you have used Windows Update to also eliminate the exploit.
The exploits will be in use for a long time after the patch since many
users don't bother to keep their Windows installation updated. Can't be
specific about a "web shield" alert from an unidentified security
program.

I'm assuming the "Javascript Obfuscation (643)" is dynamic code
obfuscation (see http://www.finjan.com/Content.aspx?id=1456). That
trick isn't itself malware but can be used to introduce malware. Some
sites use it to protect their content from getting stolen by web
crawlers. Some sites use it to hide from where their content comes. I
used the Finjan SecureBrowser toolbar for awhile but found that where it
alerted on dynamic code obfuscation was not for malicious intent except
at a couple of warez sites (which I visited in trying to find how well
this toolbar worked), so more of its alerts on this detected page
behavior were false alerts. Also, it was of little overall value since
it only scans the sites found in a search engine's results (and now it
appears broken for the current code used by the search web sites). So
far, Avast's Web Shield has been adequate in identifying suspect or
malicious web content so I got rid of Finjan's SecureBrowsing toolbar.
You can manually enter a URL for a web site using their tester web page
but I'm not going to bother doing that for every site that I happen to
visit.

The symptom of an exploit depends on what code it managed to deposit and
execute on your host. That the door to your house is open doesn't
define just who walked in through that open door.
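Added example (not part of any post in this thread): a Python triage helper that splits the alert record quoted in the first post and percent-decodes its query string, showing that the flagged www.bing.com URL wraps a page on another host in its `pu` parameter. The column meanings and the treatment of the spaces inside the URL as forum line-wrap artifacts are assumptions.

```python
import csv
from urllib.parse import parse_qs, urlsplit

# Alert record as quoted in the thread, with the spaces the forum page
# shows inside the long URL left in place.
RECORD = (
    '"Virus found HTML/Framer";'
    '"www.bing.com/captionHandler.aspx?IG=623aeaa144c9495998a7a10c279 06279'
    '&pu=http%3A%2F%2Fzyejanag.cn%2Frf%2FrepeatWas .pdf&IID=SERP.1'
    '&d=230704357822&w=23900be1,d25ae3fe &q=zyejanag.cn";"";'
    '"7/24/2009, 10:22:10 AM";"file";'
    r'"C:\Program Files\Mozilla Firefox\firefox.exe"'
)


def defang(url):
    """Render a URL so it cannot be clicked or auto-linked in a report."""
    p = urlsplit(url)
    host = p.hostname.replace(".", "[.]")
    return f"{p.scheme.replace('http', 'hxxp')}://{host}{p.path}"


def triage(record):
    # Semicolon-separated, double-quoted fields. The column meanings used
    # here are assumed from the values; the thread does not name them.
    fields = next(csv.reader([record], delimiter=";", quotechar='"'))
    alert, obj, _, when, _kind, process = fields
    # Assumption: whitespace inside the URL is a line-wrap artifact.
    url = "".join(obj.split())
    if "://" not in url.split("?", 1)[0]:
        url = "http://" + url  # the record omits the scheme
    outer = urlsplit(url)
    params = parse_qs(outer.query)  # also percent-decodes each value
    embedded = []
    for name, values in params.items():
        for value in values:
            inner = urlsplit(value)
            if inner.scheme in ("http", "https") and inner.hostname:
                embedded.append({
                    "param": name,
                    "url": defang(value),
                    "off_site": inner.hostname != outer.hostname,
                })
    return {
        "alert": " ".join(alert.split()),
        "time": when,
        "process": process,
        "serving_host": outer.hostname,
        "embedded": embedded,
    }


if __name__ == "__main__":
    for key, value in triage(RECORD).items():
        print(f"{key}: {value}")
```

The `off_site` flag marks an embedded URL whose host differs from the host named in the alert, which is the case an analyst checks first when a detection is reported against a well-known site.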
  #5 (permalink)  
Old 07-24-2009
PA Bear [MS MVP]
 

Posts: n/a
Re: browser Exploit question
Well, I'm not about to click on that link but I will point you to these two
pages:

http://www.mywot.com/en/scorecard/zyejanag.cn

http://www.malwareurl.com/listing.ph...in=zyejanag.cn

It may well be that the page you were attempting to visit (or to which you
were being misdirected) showed evidence of attempting to exploit one or more
vulnerabilities and bing.com was protecting you (even though your computer
may be fully patched at this point).

That's all I can say about this publicly right now. <wink>


Rage Skywolfe wrote:
> yes. and I forgot to give what I was running out. I am also running IE8
> and
> on firefox it is the latest version installed.
>
>> Is the computer running WinXP SP3 and is it fully patched at Windows
>> Update?
>>
>> Rage Skywolfe wrote:
>>> I got a couple of webshield warnings that listed two exploits one of
>>> those
>>> being microsoft video streaming active x (type 704) which I believe was
>>> patched and JavaScript Obfuscation (type 643). and earlier I came across
>>> this that was on the bing site which was also caught by the shield.
>>> "Virus
>>> found
>>>
>>> HTML/Framer";"www.bing.com/captionHandler.aspx?IG=623aeaa144c9495998a7a10c279 06279&pu=http%3A%2F%2Fzyejanag.cn%2Frf%2FrepeatWas .pdf&IID=SERP.1&d=230704357822&w=23900be1,d25ae3fe &q=zyejanag.cn";"";"7/24/2009,
>>> 10:22:10 AM";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
>>>
>>> (firefox being in this case is what the browser was when it came up) my
>>> question is what are the symptoms of exploits exactly. and has the
>>> webshield
>>> caught it as well as what I listed above.


  #6 (permalink)  
Old 07-25-2009
Rage Skywolfe
 

Posts: n/a
Re: browser Exploit question
that "undetermined security program" is not a security program itself. it is
part of AVG and that is all I wanted to know is if it was blocked or not. the
only "site" I go to test out if things are actually working like they are
supposed to is Eicar.
--
Four Generations Of Trust And Betrayal...One Legacy

Skywolfe


"VanguardLH" wrote:

> Rage Skywolfe wrote:
>
> > I got a couple of webshield warnings that listed two exploits one of
> > those being microsoft video streaming active x (type 704) which I
> > believe was patched and JavaScript Obfuscation (type 643). and
> > earlier I came across this that was on the bing site which was also
> > caught by the shield. "Virus found
> >
> > HTML/Framer";"www.bing.com/captionHandler.aspx?IG=623aeaa144c9495998a7a10c279 06279&pu=http%3A%2F%2Fzyejanag.cn%2Frf%2FrepeatWas .pdf&IID=SERP.1&d=230704357822&w=23900be1,d25ae3fe &q=zyejanag.cn";"";"7/24/2009,
> > 10:22:10 AM";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
> >
> > (firefox being in this case is what the browser was when it came up)
> > my question is what are the symptoms of exploits exactly. and has the
> > webshield caught it as well as what I listed above.

>
> The .Chinese zyejanag.cn site is attempting to use the AX exploit. That
> your unidentified "web shield" security program caught it means that it
> should have blocked that web page from even loading or blocked the
> malicious content on it. Since it alerted means it protected you.
> Obviously your unidentified security program already caught the exploit.
> Presumably you have used Windows Update to also eliminate the exploit.
> The exploits will be in use for a long time after the patch since many
> users don't bother to keep their Windows installation updated. Can't be
> specific about a "web shield" alert from an unidentified security
> program.
>
> I'm assuming the "Javascript Obfuscation (643)" is dynamic code
> obfuscation (see http://www.finjan.com/Content.aspx?id=1456). That
> trick isn't itself malware but can be used to introduce malware. Some
> sites use it to protect their content from getting stolen by web
> crawlers. Some sites use it to hide from where their content comes. I
> used the Finjan SecureBrowser toolbar for awhile but found that where it
> alerted on dynamic code obfuscation was not for malicious intent except
> at a couple of warez sites (which I visited in trying to find how well
> this toolbar worked), so more of its alerts on this detected page
> behavior were false alerts. Also, it was of little overall value since
> it only scans the sites found in a search engine's results (and now it
> appears broken for the current code used by the search web sites). So
> far, Avast's Web Shield has been adequate in identifying suspect or
> malicious web content so I got rid of Finjan's SecureBrowsing toolbar.
> You can manually enter a URL for a web site using their tester web page
> but I'm not going to bother doing that for every site that I happen to
> visit.
>
> The symptom of an exploit depends on what code it managed to deposit and
> execute on your host. That the door to your house is open doesn't
> define just who walked in through that open door.
>

  #7 (permalink)  
Old 07-25-2009
VanguardLH
 

Posts: n/a
Re: browser Exploit question
Rage Skywolfe wrote:

> that "undetermined security program" is not a security program itself. it is
> part of AVG and that is all I wanted to know is if it was blocked or not. the
> only "site" I go to test out if things are actually working like they are
> supposed to is Eicar.


AVG *is* a security product (anti-virus, anti-malware, HIPS, heuristics,
firewall, etc).

Grisoft acquired the Linkscanner product and rolled it into their v8
bundle. Most AVG users eventually remove it due to its slowdown of web
surfing. It's possible the "web shield" was this Linkscanner component
or something else in AVG. Folks in Grisoft's forums would better know
from what component of AVG was the "web shield" alert.

http://www.avgforums.com/
http://freeforum.avg.com/list.php?13
  #8 (permalink)  
Old 07-25-2009
Rage Skywolfe
 

Posts: n/a
Re: browser Exploit question
ok. I have had problems with that at times too. seems to only really be
noticeable in task manager when windows defender is installed. as far as
spyware protection goes, I haven't had too much of a problem with it except
for one thing. when that and the virus scanner both detect something it seems
to let it pass through... anyway back to the browser issue. the only problem
I have really had with the link scanner has been multiple instances of
iexplore.exe in task manager. in IE8 there are supposed to be only two and
then they usually go away after the browser is closed. in my case they were
staying. but like I said, haven't had that problem in weeks.
--
Four Generations Of Trust And Betrayal...One Legacy

Skywolfe


"VanguardLH" wrote:

> Rage Skywolfe wrote:
>
> > that "undetermined security program" is not a security program itself. it is
> > part of AVG and that is all I wanted to know is if it was blocked or not. the
> > only "site" I go to test out if things are actually working like they are
> > supposed to is Eicar.

>
> AVG *is* a security product (anti-virus, anti-malware, HIPS, heuristics,
> firewall, etc).
>
> Grisoft acquired the Linkscanner product and rolled it into their v8
> bundle. Most AVG users eventually remove it due to its slowdown of web
> surfing. It's possible the "web shield" was this Linkscanner component
> or something else in AVG. Folks in Grisoft's forums would better know
> from what component of AVG was the "web shield" alert.
>
> http://www.avgforums.com/
> http://freeforum.avg.com/list.php?13
>

  #9 (permalink)  
Old 07-25-2009
Rage Skywolfe
 

Posts: n/a
Re: browser Exploit question
that was after the Bing site was opened in fact just directly after was just
doing a search on that to see what it was and the HTML/Framer threat came up.
--
Four Generations Of Trust And Betrayal...One Legacy

Skywolfe


"PA Bear [MS MVP]" wrote:

> Well, I'm not about to click on that link but I will point you to these two
> pages:
>
> http://www.mywot.com/en/scorecard/zyejanag.cn
>
> http://www.malwareurl.com/listing.ph...in=zyejanag.cn
>
> It may well be that the page you were attempting to visit (or to which you
> were being misdirected) showed evidence of attempting to exploit one or more
> vulnerabilities and bing.com was protecting you (even though your computer
> may be fully patched at this point).
>
> That's all I can say about this publicly right now. <wink>
>
>
> Rage Skywolfe wrote:
> > yes. and I forgot to give what I was running out. I am also running IE8
> > and
> > on firefox it is the latest version installed.
> >
> >> Is the computer running WinXP SP3 and is it fully patched at Windows
> >> Update?
> >>
> >> Rage Skywolfe wrote:
> >>> I got a couple of webshield warnings that listed two exploits one of
> >>> those
> >>> being microsoft video streaming active x (type 704) which I believe was
> >>> patched and JavaScript Obfuscation (type 643). and earlier I came across
> >>> this that was on the bing site which was also caught by the shield.
> >>> "Virus
> >>> found
> >>>
> >>> HTML/Framer";"www.bing.com/captionHandler.aspx?IG=623aeaa144c9495998a7a10c279 06279&pu=http%3A%2F%2Fzyejanag.cn%2Frf%2FrepeatWas .pdf&IID=SERP.1&d=230704357822&w=23900be1,d25ae3fe &q=zyejanag.cn";"";"7/24/2009,
> >>> 10:22:10 AM";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
> >>>
> >>> (firefox being in this case is what the browser was when it came up) my
> >>> question is what are the symptoms of exploits exactly. and has the
> >>> webshield
> >>> caught it as well as what I listed above.

>
>

  #10 (permalink)  
Old 07-25-2009
PA Bear [MS MVP]
 

Posts: n/a
Re: browser Exploit question
Possibly related?...

Microsoft Security Bulletin Advance Notification for July 2009:
http://www.microsoft.com/technet/sec...9-jul-ans.mspx

<QP>
Microsoft Security Bulletin Advance Notification issued: July 24, 2009
Microsoft Security Bulletins to be issued: July 28, 2009

This is an advance notification of two out-of-band security bulletins that
Microsoft is intending to release on July 28, 2009. One bulletin will be for
the Microsoft Visual Studio product line; application developers should be
aware of updates available affecting certain types of applications. The
second bulletin contains defense-in-depth changes to Internet Explorer to
address attack vectors related to the Visual Studio bulletin, as well as
fixes for unrelated vulnerabilities that are rated Critical. Customers who
are up to date on their security updates are protected from known attacks
related to this out-of-band release.
</QP>
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002


Rage Skywolfe wrote:
> I got a couple of webshield warnings that listed two exploits one of those
> being microsoft video streaming active x (type 704) which I believe was
> patched and JavaScript Obfuscation (type 643). and earlier I came across
> this that was on the bing site which was also caught by the shield.
> "Virus
> found
>
> HTML/Framer";"www.bing.com/captionHandler.aspx?IG=623aeaa144c9495998a7a10c279 06279&pu=http%3A%2F%2Fzyejanag.cn%2Frf%2FrepeatWas .pdf&IID=SERP.1&d=230704357822&w=23900be1,d25ae3fe &q=zyejanag.cn";"";"7/24/2009,
> 10:22:10 AM";"file";"C:\Program Files\Mozilla Firefox\firefox.exe"
>
> (firefox being in this case is what the browser was when it came up) my
> question is what are the symptoms of exploits exactly. and has the
> webshield
> caught it as well as what I listed above.

