View Full Version : Koc is infected read this

30th June 2009, 06:02 AM
Ok i thoght id use my lap top (dont much at home)
i have different security than my desk top so i never seen this b4:surprise:

I have norton i got a bad warning when i came to koc

there are 2 driveby downloaders here here is the Symantec report page link:erm:

this is not good admins please fix these nasty things:(



Just look at above link for required info (link to norton report)

30th June 2009, 06:58 AM
1) Have you ever heard of false positives?
2) Norton's shit.

30th June 2009, 07:14 AM
1) Have you ever heard of false positives?
2) Norton's shit.

norton is good for somethings...

and yes ive heard of false positives..
did you read the report on the link?
guess not here u go read the bit bout false positives....

dnt belive me go paste the infected link in your browser and tell me if its safe:rolleyes1

Severity: High
This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit a heap buffer overflow vulnerability in Internet Explorer which could result in remote code execution.
Additional Information
Microsoft Internet Explorer is prone to a heap-based buffer overflow vulnerability in the 'createControlRange()' DHTML method. The 'createControlRange()' DHTML method allows for creation of a 'controlRange' collection consisting of non-textual elements which may be manipulated by various other DHTML methods.

This vulnerability is due to a boundary condition error that is exposed when passing data to the 'createControlRange()' DHTML method. The overflow may result in corruption of heap-based memory with attacker-specified data. An attacker may leverage the resulting memory corruption to overwrite sensitive variables in memory to influence execution flow of the program.

This vulnerability could be exploited to execute arbitrary code in the context of the currently logged in user. Exploitation is most likely to occur through a malicious Web page that invokes the vulnerable DHTML method. HTML email may also present an attack vector.

* Microsoft Internet Explorer 5.0.1, 5.0.1 SP1, 5.0.1 SP2, 5.0.1 SP3, 5.0.1 SP4, 5.5, 5.5 SP1, 5.5 SP2, 6.0, 6.0 SP1, 6.0 SP2
* Microsoft Windows ME
* Microsoft Windows Server 2003 Datacenter Edition
* Microsoft Windows Server 2003 Datacenter Edition Itanium
* Microsoft Windows Server 2003 Enterprise Edition
* Microsoft Windows Server 2003 Enterprise Edition Itanium
* Microsoft Windows Server 2003 Standard Edition
* Microsoft Windows Server 2003 Web Edition
* Microsoft Windows XP Home
* Microsoft Windows XP Professional
* Nortel Networks IP softphone 2050
* Nortel Networks Mobile Voice Client 2050
* Nortel Networks Optivity Telephony Manager (OTM)
* Nortel Networks Symposium Web Center Portal (SWCP)
* Nortel Networks Symposium Web Client

Microsoft has released a cumulative update for Internet Explorer to address this and other vulnerabilities. Updates for Internet Explorer on Microsoft Windows 98/98SE/ME may be obtained through Windows Update.

Nortel Networks has released security advisory 2005005511-2 acknowledging this issue. Please the referenced advisory for further information.

Possible False Positives
There are no known conditions for false positives associated with this signature.
Additional References

* CAN-2005-0055
* Microsoft Internet Explorer "createControlRange()" Memory Corruption
* Microsoft Security Bulletin MS05-014
* SecurityFocus BID: 12475
* Security Advisory Bulletins

i dont care leave it as it is...

30th June 2009, 07:19 AM
The links were removed because as you said they were malicious.

You were also instructed of what to do in this case and that was to email rocco. He deals with these problems. The email for him is in my sig.

I will close this now since you know what to do ;)