Re: Color differences
On 1 Oct 2004, at 20:07, CoJaBo wrote:
>
>
> posted by: CoJaBo <cojabo at suscom.net>
>
> Craig Welch wrote:
> >
> > Kat wrote:
> >
> > > What functions? the original url was blank, all javascript! There was
> > > nothi=
> > > ng=20 there, the page was blank!
> >
> > Javascript != 'blank'. Quite a nice functional web page, actually.
> >
> > Are you guys really risking being trojaned for=
> > >
> > > some code that you now say is inadequate?!?
> >
> > The mere presence of javascript does not in itself imply a risk of a
> > trojan. Choice of browser, other security settings, all come into play.
>
> Kat does have a point:
> The "nitrious" virus I discovered uses javascript to
> open the popup for its install ActiveX script and to
> prevent someone from closing the install popup,
> as well as opening a large number of (apparently
> random) websites for reasons I don't know(DDOS
> attack maybe?) I have tested this on Mozilla
> Firefox(since it is immune to the destructive
> part of the virus) and the javascripts work
> fine on it, the window won't close, and the
> "DDOS" attack runs.
>
> Also I have recieved a number of phising e-mails
> that use javascript to make the fake site look secure,
> it works so well that the fake site looks identical
> to the real one.
The Citi phishing one was/is notorious, and it's still going around. Here's a
page that describes how to use Activex to do anything. This one spreads
itself by advertising on irc, but it also replaces the windows system dlls, so
the whole computer can be owned: http://charmy.tky.hut.fi/brit.txt
Kat
|
Not Categorized, Please Help
|
|
