On Friday 27 Sep 2002 9:48 pm, Troy Ablan wrote:
> > > -- BEGIN SOURCE --
> > >
> > > <html><head><title>Browser Plugin Requried</title><meta
> > > http-equiv="refresh" content="1;
> > > url=psecure20x-cgi-install.version6.01.bin.hx.com"></head><body><h1>Bro
> > >wser Plugin Required:</h1><br>You may need to restart your browser for
> > > changes to take affect.<br>Security Certificate by <a
> > > href="http://www.verisign.com">Verisign</a> 2002.<br>MD5:
> > > 9DD756AC-80E057FC-E00703A2-F801F2E3<br><br>Click <a
> > > href="psecure20x-cgi-install.version6.01.bin.hx.com">HERE</a> and
> > > choose "Run" to install.</body></html>
> > >
> > > -- END SOURCE --
> I don't think so. I think it's just the text of the HTML page saying
> that -- part of the social engineering in play to get the user to execute
> the worm.
>
> -Troy

Ditto, that's what I thought as well. Basically the hacker is trying to fool the end user into thinking the page they have been asked to view (by whatever means) requires a plugin to run. The user thinks that by accepting to install the "plugin" they are being given a valid plugin signed by Verisign. It isn't, and they shouldn't run it. But hey, people will. I suspect the "plugin" modifies the home page of the browser, or installs some other ActiveX control to make this thing work, hence the restart your browser bit.

If I had a spare winxx box I would be tempted to have a look at this thing to provide more info, unfortunately I'm mid rebuild of my entire systems so I can't atm :(

It's a quite simple play on basic human ignorance, and nothing more.

Mike

--
_______________________________________________________________________
"In their capacity as a tool, computers will be but a ripple on the
surface of our culture. In their capacity as intellectual challenge,
they are without precedent in the cultural history of mankind."
Edsger Wybe Dijkstra on Computers

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
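
An added example, not part of either poster's message: a small Python check a proxy or mail gateway could run over a page like the one quoted above. It flags meta-refresh and link targets whose file name ends in a Windows-executable extension, which is how a relative file named `...hx.com` passes for a hostname while `http://www.verisign.com` (where `.com` is in the host part) is left alone. The names `LureScanner`, `executable_targets` and `EXEC_EXT`, and the extension list itself, are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative (not exhaustive) set of extensions Windows runs directly.
EXEC_EXT = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}

# Constructed sample: the page source quoted in the thread, with wraps joined.
SAMPLE = (
    '<html><head><title>Browser Plugin Requried</title><meta '
    'http-equiv="refresh" content="1; '
    'url=psecure20x-cgi-install.version6.01.bin.hx.com"></head><body>'
    '<h1>Browser Plugin Required:</h1><br>Security Certificate by '
    '<a href="http://www.verisign.com">Verisign</a> 2002.<br>Click '
    '<a href="psecure20x-cgi-install.version6.01.bin.hx.com">HERE</a> and '
    'choose "Run" to install.</body></html>'
)

class LureScanner(HTMLParser):
    """Collect every URL the page redirects to or links to."""
    def __init__(self):
        super().__init__()
        self.targets = []  # list of (kind, url)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            # content looks like "1; url=<target>"
            m = re.search(r"url\s*=\s*(.+)", a.get("content") or "", re.I | re.S)
            if m:
                self.targets.append(("meta-refresh", m.group(1).strip(" '\"")))
        elif tag == "a" and a.get("href"):
            self.targets.append(("link", a["href"].strip()))

def executable_targets(html):
    """Return (kind, url) pairs whose *path* ends in an executable extension."""
    scanner = LureScanner()
    scanner.feed(html)
    hits = []
    for kind, url in scanner.targets:
        # Only the path counts: a ".com" in the host part is just a domain.
        name = urlparse(url).path.rsplit("/", 1)[-1].lower()
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if ext in EXEC_EXT:
            hits.append((kind, url))
    return hits

if __name__ == "__main__":
    for kind, url in executable_targets(SAMPLE):
        print(f"{kind}: {url}")
```

A `meta-refresh` hit is the more serious of the two, since the browser requests the file without the user clicking anything.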