To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
On Fri, 22 Sep 2006, Lawrence Abrams wrote:
> This is definitely due to the VML exploit. What you are experiencing may be
> hardware DEP blocking the exploit. When DEP blocks the page it will also
> crash IE.
>
> A guide was put up for my members here that gives some information and a
> method of protecting yourself from the exploit.
>
> http://www.bleepingcomputer.com/forums/topic66086.html
>
> In summary you need to have them unregister the
> "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll" file using regsvr32.
> This will disable VML on the machine and therefore protect against the
> exploit.
Patch (unofficial) now available:
http://www.eweek.com/article2/0,1895,2019162,00.asp
http://isotf.org/zert/

>
> ----- Original Message -----
> From: "Gadi Evron" <[EMAIL PROTECTED]>
> To: "Alavan" <[EMAIL PROTECTED]>
> Cc: <[email protected]>
> Sent: Friday, September 22, 2006 12:28 AM
> Subject: Re: [botnets] Possible zero-day exploit?
>
> > On Thu, 21 Sep 2006, Alavan wrote:
> >> Thanks Gadi. I hadn't been checking my [botnet] box, so I missed the
> >> discussion. My apologies. Lots of good info there. I just found it bizarre
> >> that we began getting flooded for about 2 hours and then it tapered off to
> >> almost nothing. I wonder what website/e-mail they're all visiting/clicking
> >> on that's getting them in trouble.....if I get any info on this, I'll
> >> forward it.
> >>
> >> Tomorrow morning, I'll be cleaning a customer's PC that was infected. I may
> >> or may not get further information.
> >>
> >> The symptoms were IE closing right after opening. Disabling "Enable 3rd
> >> party browser extensions" allows IE to run properly. Another post states
> >> that disabling Javascripting does the same.
> >>
> >> We had probably several hundred trends (customer support reps trending their
> >> issue with the customer) between 3:30pm and 5:00pm PST and then it started
> >> tapering off.
> >
> > Other ISPs are also reporting massive floods of their tech support
> > lines. The hours can be explained by "leaving work" and going home, but I
> > am not sure.
> >
> >>
> >> Alavan
> >>
> >>
> >> ----- Original Message -----
> >> From: "Elia Florio" <[EMAIL PROTECTED]>
> >> To: <[EMAIL PROTECTED]>
> >> Sent: Thursday, September 21, 2006 5:49 PM
> >> Subject: Re: [botnets] Possible zero-day exploit?
> >>
> >> > Your symptoms look very similar to the recent VML 0day exploit for IE.
> >> > Any sample/page to submit? Any URL to analyze?
> >> >
> >> > EF
> >> >
> >> > ----- Original Message -----
> >> > From: "Alavan" <[EMAIL PROTECTED]>
> >> > To: <[email protected]>
> >> > Sent: Friday, September 22, 2006 2:22 AM
> >> > Subject: [botnets] Possible zero-day exploit?
> >> >
> >> >> I work at a Tier 1 ISP (Cox Communications). We are getting slammed with
> >> >> customers calling regarding IE closing right after opening (thousands of
> >> >> calls). Normally this is virus related. I have to look at a machine to
> >> >> see what's going on....
> >> >>
> >> >> If anyone hears anything......
> >> >>
> >> >> Regards,
> >> >>
> >> >> Alavan
> >> >> _______________________________________________
> >> >> To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
> >> >> All list and server information are public and available to law
> >> >> enforcement upon request.
> >> >> http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
