Aren't their still cross-scripting problems with IE still? Plus I think the Drag and Drop exploit is still unpatched? Comments anyone?
> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Harlan Carvey > Sent: Sunday, October 03, 2004 2:37 PM > To: [EMAIL PROTECTED] > Cc: Joel R. Helgeson; Geraldo Rivera > Subject: Re: [Full-Disclosure] Spyware installs with no > interaction in IE on fully patched XP SP2 box > > > > > This machine is a fully patched XP SP2 box, with > > the default security > > > settings for IE's Internet Zone. Does anybody know > > what method this crap > > > could be using to install without any user > > interaction? > > It's a little hard to tell accurately without taking a look > at what you removed; ie, saying that you cleaned things out > of the Registry is great, but without knowing what keys you > "cleaned", it's hard to tell. > > However, doing a quick search on Google for "atpartners", > some of the info I found points to BHOs... > > Sorry, wish I could help more, but I'd need more info... > > ===== > ------------------------------------------ > Harlan Carvey, CISSP > "Windows Forensics and Incident Recovery" > http://www.windows-ir.com > http://groups.yahoo.com/group/windowsir/ > > "Meddle not in the affairs of dragons, for you are crunchy, > and good with ketchup." > > "The simplicity of this game amuses me. > Bring me your finest meats and cheeses." > ------------------------------------------ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
