[OWASP-Ireland] HTML malware

Tony Palmer tony.palmer at vordel.com
Mon Feb 27 11:33:30 EST 2006


Maybe a simple fix would be for app firewalls to remove all comments from
downloaded files. By definition they are not required by browsers. I foresee
another sledgehammer policy already!
T

-----Original Message-----
From: eoin.keary at ritsgroup.com [mailto:eoin.keary at ritsgroup.com] 
Sent: 27 February 2006 16:17
To: Tony Palmer; owasp-ireland at lists.sourceforge.net
Subject: RE: [OWASP-Ireland] HTML malware



Yep,
sounds to me like a certain element of recon/statistical gathering :0)

Thing is, do application firewalls or client side security look for
malicious data in comments or should they? 


**********************************
Eoin Keary CISSP
Senior Consultant
Rits Information Security
2052  Castle  Drive
Citywest Business Campus
Co. Dublin

Tel:  353 (01) 642 0500
Fax: 353 (01) 466 0468
Email: eoin.keary at ritsgroup.com
Web: www.ritsgroup.com
**********************************
This email contains information which may be confidential or privileged. The
information is intended solely for the use of the individual or entity named
above.  If you are not the intended recipient, be aware that any disclosure,
copying, distribution or use of the contents of this information is
prohibited.  If you have received this electronic transmission in error,
please notify me by telephone or by electronic mail immediately. Any
opinions expressed are those of the author, not Rits. This email does not
constitute either offer or acceptance of any contractually binding
agreement. Such offer or acceptance must be communicated in writing. 



"Tony Palmer" <tony.palmer at vordel.com>
27/02/2006 15:22

To: <eoin.keary at ritsgroup.com>
cc:
Subject: RE: [OWASP-Ireland] HTML malware



Hmm,
   Install yourself and wait for instructions. I'll bet what's in between the
comment tags are base64 encoded execution commands, or similar. This is
somebody setting up a zombie network possibly for sale. The number of hits
on his site being a count of how many machines are at his disposal. Neat.
T 
-----Original Message-----
From: owasp-ireland-admin at lists.sourceforge.net
[mailto:owasp-ireland-admin at lists.sourceforge.net] On Behalf Of
eoin.keary at ritsgroup.com
Sent: 27 February 2006 14:50
To: owasp-ireland at lists.sourceforge.net
Subject: [OWASP-Ireland] HTML malware


http://isc.sans.org/diary.php?storyid=1147 


Hi,
Good document on some malware guys at SANS found. Raises some interesting
ways in which malware is going.




This e-mail is business-confidential and may be privileged. If you are not
the intended recipient, please notify us immediately and delete it. If the
email does not relate to Vordel's business then it is neither from nor
authorized by Vordel. Thank you. 
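
The two ideas raised in this thread (a gateway that strips HTML comments from downloaded pages, and inspection of comment contents for encoded data) are sketched below as an added example; it is not code from any poster or product. The function names, the 24-character threshold and the sample page are assumptions made for the illustration.

```python
import base64
import binascii
import re
from html.parser import HTMLParser

# Heuristic (assumption): a run of 24+ base64-alphabet characters is worth a look.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}")

class CommentFilter(HTMLParser):
    """Rebuild the page without comments; record comment runs that decode as base64."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.flagged = [], []
    def handle_starttag(self, tag, attrs):
        self.out.append(self.get_starttag_text())
    def handle_startendtag(self, tag, attrs):
        self.out.append(self.get_starttag_text())
    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")
    def handle_data(self, data):
        # Includes <script>/<style> bodies, where "<!--" is not an HTML comment.
        self.out.append(data)
    def handle_entityref(self, name):
        self.out.append(f"&{name};")
    def handle_charref(self, name):
        self.out.append(f"&#{name};")
    def handle_decl(self, decl):
        self.out.append(f"<!{decl}>")
    def handle_comment(self, data):
        # The comment is never copied to self.out, so it is dropped from the page.
        for run in B64_RUN.findall(data):
            try:
                decoded = base64.b64decode(run + "=" * (-len(run) % 4), validate=True)
            except (binascii.Error, ValueError):
                continue
            self.flagged.append((run, decoded))

def scrub(html):
    """Return (page without comments, list of (encoded run, decoded bytes))."""
    f = CommentFilter()
    f.feed(html)
    f.close()
    return "".join(f.out), f.flagged

# Constructed sample page: one harmless comment, one comment carrying encoded text.
SAMPLE = ('<!DOCTYPE html><html><body><p>Hello &amp; welcome</p>'
          '<!-- build 42 -->'
          '<!-- ' + base64.b64encode(b"constructed sample payload text").decode() + ' -->'
          '<script>var s = "<!-- not a comment -->";</script></body></html>')

if __name__ == "__main__":
    clean, flagged = scrub(SAMPLE)
    print(clean)
    print(flagged)
```

The base64 check is only a heuristic: long ordinary words can also decode without error, so flagged runs are candidates for review rather than verdicts.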




