Avast WEBforum

Other => General Topics => Topic started by: MWassef on December 12, 2003, 06:57:52 AM

Title: IE Explorer URL spoofing vulnerability
Post by: MWassef on December 12, 2003, 06:57:52 AM
Danger - Phishing ahead (http://www.dslreports.com/shownews/36359)
Internet Explorer Address Bar Spoofing Test (http://www.secunia.com/internet_explorer_address_bar_spoofing_test/)
Title: Re:IE Explorer URL spoofing vulnerability
Post by: .: Mac :. on December 12, 2003, 11:56:38 PM
The dec 2 BlackICE update  that i have protected me!
Title: Re:IE Explorer URL spoofing vulnerability
Post by: techie101returns on December 13, 2003, 07:21:09 PM
Minacross,

Very important information you came across.
Failed the test myself.  At least I can watch the URL bar now until MS decides to come up with a critical update (which they have not as of today.....I just checked).

Thanks,
techie
Title: Re:IE Explorer URL spoofing vulnerability
Post by: MWassef on December 13, 2003, 07:44:52 PM
your welcome  :)
Title: Re:IE Explorer URL spoofing vulnerability
Post by: Waldo on December 13, 2003, 08:36:14 PM
I ran the 2 tests, and it seems i failed them also... :(

Time to find a solution...

Waldo

Title: Re:IE Explorer URL spoofing vulnerability
Post by: MWassef on December 14, 2003, 05:33:21 PM
MyIE2 fixed it http://www.myie2.com/html_en/home.htm (http://www.myie2.com/html_en/home.htm)
Title: Re:IE Explorer URL spoofing vulnerability
Post by: Lisandro on December 14, 2003, 06:59:31 PM
I failed in both tests with IE... Could not find a solution yet  :'(
Title: Re:IE Explorer URL spoofing vulnerability
Post by: techie101returns on December 14, 2003, 09:28:04 PM
minacross,

The information on MyIE2 was very good.  I reviewed the whole site including the plugins.  It is certainly worth considering.

Have you had any compatability problems in using MyIE2?

Does MS IE or any update to IE affect MyIE2?

Does it have an Uninstaller?  This is crucial!  If MyIE2 "spiders" into the system, you can't really get it out (like Netscape! bah!)


Technical,

Have you tried MyIE2yet?  Let me know.  I want to read some more reviews before giving it an install.

techie
Title: Re:IE Explorer URL spoofing vulnerability
Post by: MWassef on December 14, 2003, 09:38:19 PM
techie,

- no compatability problems in using MyIE2..  ;D
- I think IE updates affects MyIE2
Quoted from download.com  (http://download.com.com/3000-2356-10136776.html?part=112589&subj=dlpage&tag=button) :
MyIE2 is a multipage browser based on the Internet Explorer core (IE 5.x or 6.0 required). It can open multiple Web pages in just one window, and it only takes a few system resources when you're surfing with the integrated user interface. It supports special plug-ins and IE extensions, and its features include autoscrolling, form autofilling, external tools, plug-in support, newsgroup browsing mode, mouse gestures, customizable skins, and an autohide panel. The latest release includes a media player sidebar, a new search bar, and several performance enhancements.

- it has an ininstaller (from add/remove prograns and from the start menu)..
Title: Re:IE Explorer URL spoofing vulnerability
Post by: Lisandro on December 14, 2003, 10:09:10 PM
Technical,
Have you tried MyIE2yet?  Let me know.  I want to read some more reviews before giving it an install.
techie

No I haven't tried it yet  :'( I'm downloading it now!  ;D
Anyway, it could be desinstalled with safe as minacross said.
Title: Re:IE Explorer URL spoofing vulnerability
Post by: techie101returns on December 14, 2003, 11:39:54 PM
Looks good to me.

Going for the download.

Talk to you guys later.

techie
Title: Re:IE Explorer URL spoofing vulnerability
Post by: .: Mac :. on December 14, 2003, 11:48:19 PM
I use Mozilla personally (so it doesnt affect me?) but I will download as well  :)
Title: Re:IE Explorer URL spoofing vulnerability
Post by: techie101returns on December 15, 2003, 10:39:01 PM
Minacross,

Just wanted to let you know that while I was downloading from MyIE2.com, SpywareBlaster nailed a browser hijack attempt.  Although it was only an attempt to change my home page to (I think) www.shareing.com or something like that, it had to come from a 3rd party vendor using MyIE2 as a "piggyback".

Anyone else noticed this?

Still have not tried MyIE2 yet.

techie
Title: Re:IE Explorer URL spoofing vulnerability
Post by: .: Mac :. on December 15, 2003, 10:49:10 PM
spyware guard found the same here
Title: Re:IE Explorer URL spoofing vulnerability
Post by: techie101returns on December 15, 2003, 10:56:11 PM
Mac,

I have Spyware Guard and Blaster installed, so it could have been SG instead.

Not sure if I want to install MyIE2 now.  I hate spyware.

techie
Title: Re:IE Explorer URL spoofing vulnerability
Post by: .: Mac :. on December 15, 2003, 11:08:46 PM
it was most likely spyware guard blaster doesnt alert you like that it just keeps spyware fron running
Title: Re:IE Explorer URL spoofing vulnerability
Post by: MWassef on December 16, 2003, 09:52:37 AM
I have spyware blaster installed, I had nothing of this  ::) ::)
Title: Re:IE Explorer URL spoofing vulnerability
Post by: MWassef on December 16, 2003, 10:11:06 AM
I scanned my system with Spybot SnD and it found np spaware files on my pc  ;D
Title: Re:IE Explorer URL spoofing vulnerability
Post by: Lisandro on December 16, 2003, 11:36:09 AM
I scanned my system with Spybot SnD and it found np spaware files on my pc  ;D

Mina, do you have Ad-aware from Lavasoft?

Don't you use the version 2.0 from SpyBot? Are your 'spy' definitions updated?

I hate spywares  >:(
Title: Re:IE Explorer URL spoofing vulnerability
Post by: MWassef on December 16, 2003, 01:35:28 PM
yes, I have Ad-aware on my pc..
I scanned my system and it found only 'alexa' component (that is an IE component not related to MyIE2) as I reinstalled IE6 SP1 a few days ago..
Spyware SnD, Spyware Blaster and Ad-aware are all up-to-date..
I also hate spyware  >:(

Edit: I do not know about this ver.2 of Spybot S&D  ::) the last stable ver. is 1.2 (http://www.safer-networking.org/index.php?lang=en&page=download)  :-\
Title: Re:IE Explorer URL spoofing vulnerability
Post by: Lisandro on December 16, 2003, 09:20:41 PM
yes, I have Ad-aware on my pc..
I scanned my system and it found only 'alexa' component (that is an IE component not related to MyIE2) as I reinstalled IE6 SP1 a few days ago..
Spyware SnD, Spyware Blaster and Ad-aware are all up-to-date..
I also hate spyware  >:(

Edit: I do not know about this ver.2 of Spybot S&D  ::) the last stable ver. is 1.2 (http://www.safer-networking.org/index.php?lang=en&page=download)  :-\

Sorry, my mistake: 1.2 and not 2.0...
Techie: what's happening now? Will you install or not? Is there just one spyware (alexa, like said minacross, is related to IE and not myIE2)? What is the name of the spyware?
Title: Re:IE Explorer URL spoofing vulnerability
Post by: .: Mac :. on December 16, 2003, 09:27:04 PM
where did you get 1.3 beta?
Title: Re:IE Explorer URL spoofing vulnerability
Post by: MWassef on December 16, 2003, 09:39:23 PM
Spybot Search and Destroy 1.3 Beta 4 (http://www.pcqanda.com/dc/dcboard.php?az=show_topic&forum=2&topic_id=257555&mode=full)
Beta changes since 1.2, Including download link (http://forums.net-integration.net/index.php?showtopic=6505)
Version history (http://www.safer-networking.org/index.php?page=http://www.safer-networking.org/index.php?page=versionhistory)
Title: Re:IE Explorer URL spoofing vulnerability
Post by: .: Mac :. on December 16, 2003, 09:41:32 PM
great new features but ill wait for final release  ;)
Title: Re:IE Explorer URL spoofing vulnerability
Post by: Lisandro on December 17, 2003, 01:03:27 AM
great new features but ill wait for final release  ;)

Not so sure it was great new features. I collect some information of the links posted by Minacross:

Spybot Search and Destroy 1.3 Beta 4  
Author: PepiMK Software
Program Type: Freeware

Spybot Search and Destroy searches your hard drive for so-called spy- or adbots; that is, little modules that are responsible for the ads many programs display. Many of these modules also transmit information, including your surfing behavior on the Internet. If it finds such modules, it can remove them. In most cases the host still runs fine after removing the spyware/adware. Another feature is the removal of usage tracks, which makes it more complicated for unknown spybots to transmit useful data. The list of last visited websites, opened files, started programs, cookies, all that and more can be cleaned. Supported are the three major browsers Internet Explorer, Netscape Communicator, and Opera.

Changes in Current Version:
Removed old button panel
"Wait for programs": added hint/tooltip for long filenames
"Wait for programs": oriented vertically for long filenames
Creation of system restore point during internals fix
Creation of system restore point during spyware fix
Fixed advanced mode icon problem
System Startup info like new problem info
Skins section revised
InfoPanel symbols
Results & recovery toolbars moved to the top.....
 
 Issues and opinions:
- the updater appears to freeze, rendering the programme unusable during the update (defaults to UniDo (Europe)).
- a better UI
- uninstall old version before installing this one
- mostly cosmetic changes: some things have been moved around. The browser settings to lock start page and hosts file has its own page now, and is no longer under the "Immunize" tab.
- slower scanning proccess in some machines, faster in others. On the first scan, it calculates your approximate disk usage. Scan again and it should count more accurate. It does scan a little slower, but more nasties are popping up each day.
- strange uninstall procedure
- this version creates System Restore Points before fixing anything, you can disable that feature in settings.
- don't forget...this is a beta version, the code probably hasn't been fully optimized
Title: Re:IE Explorer URL spoofing vulnerability
Post by: techie101returns on December 17, 2003, 01:47:29 AM
Technical
Quote
Techie: what's happening now? Will you install or not?
Although MyIE2 looks very nice, I am going to stick with my IE6 for now.  MyIE2 has a lot of bells and whistles that I do not need.

Quote
Is there just one spyware (alexa, like said minacross, is related to IE and not myIE2)?
I usually come up with the Alexa spyware from time to time.
Adaware picks it up right away.

Quote
What is the name of the spyware?
If you are referring to me, I think it was a browser hijack to www.shareing.com, an advertising site.  As Minacross corrected me, it must have been SpywareGuard that caught it.

I like Spybot, but do not care for beta versions of anything unless I am testing them.  I'll keep my present version of Spybot until the final is out in agreement with Mac.

techie :D
Title: Re:IE Explorer URL spoofing vulnerability
Post by: MWassef on December 17, 2003, 08:30:38 AM
I did not have any problems with 1.3B4 till now, thank God  ;D
More info about Alexa: Alexa Related?? (http://www.pcqanda.com/dc/dcboard.php?az=show_topic&forum=2&topic_id=197584&mode=full)