[OWASP-Ireland] HTML malware

Owen Connolly ojc at networkarchitects.ie
Mon Feb 27 11:52:14 EST 2006


I actually think that's a pretty good idea.  As we know by now, it's only a matter of when this attack works in the wild, so maybe we should recommend this as an initial response until we get a clearer picture!

Cheers,


Ojc
-----Original Message-----
From: "Tony Palmer" <tony.palmer at vordel.com>
Date: Mon, 27 Feb 2006 16:33:30 
To:<eoin.keary at ritsgroup.com>, <owasp-ireland at lists.sourceforge.net>
Subject: RE: [OWASP-Ireland] HTML malware

Maybe a simple fix would be for app firewalls to remove all comments from downloaded files. By definition they are not required by browsers. I foresee another sledgehammer policy already!
T   
   
-----Original Message-----
From: eoin.keary at ritsgroup.com [mailto:eoin.keary at ritsgroup.com]
Sent: 27 February 2006 16:17
To: Tony Palmer; owasp-ireland at lists.sourceforge.net
Subject: RE: [OWASP-Ireland] HTML malware


Yep, sounds to me like a certain element of recon/statistical gathering :0)

Thing is, do application firewalls or client side security look for malicious data in comments or should they?


**********************************
Eoin Keary CISSP
Senior Consultant
Rits Information Security
2052 Castle Drive
Citywest Business Campus
Co. Dublin

Tel: 353 (01) 642 0500
Fax: 353 (01) 466 0468
Email: eoin.keary at ritsgroup.com
Web: www.ritsgroup.com
**********************************
This email contains information which may be confidential or privileged. The information is intended solely for the use of the individual or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. If you have received this electronic transmission in error, please notify me by telephone or by electronic mail immediately. Any opinions expressed are those of the author, not Rits. This email does not constitute either offer or acceptance of any contractually binding agreement. Such offer or acceptance must be communicated in writing.


"Tony Palmer" <tony.palmer at vordel.com>
27/02/2006 15:22

To: <eoin.keary at ritsgroup.com>
cc:
Subject: RE: [OWASP-Ireland] HTML malware


Hmm,
Install yourself and wait for instructions. I'll bet what's in between the comment tags are base64 encoded execution commands, or similar. This is somebody setting up a zombie network possibly for sale. The number of hits on his site being a count of how many machines are at his disposal. Neat.
T
-----Original Message-----
From: owasp-ireland-admin at lists.sourceforge.net [mailto:owasp-ireland-admin at lists.sourceforge.net] On Behalf Of eoin.keary at ritsgroup.com
Sent: 27 February 2006 14:50
To: owasp-ireland at lists.sourceforge.net
Subject: [OWASP-Ireland] HTML malware


http://isc.sans.org/diary.php?storyid=1147 


Hi, 
Good document on some malware guys at SANS found. Raises some interesting ways in which malware is going.




This e-mail is business-confidential and may be privileged. If you are not
the intended recipient, please notify us immediately and delete it. If the
email does not relate to Vordel's business then it is neither from nor
authorized by Vordel. Thank you.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Owen Connolly
Technical Director
http://www.networkarchitects.ie
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
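
The comment-stripping filter suggested in the thread, sketched as an added example (not code from any poster or product mentioned here). It drops every HTML comment from a response body and logs whether each dropped comment held a long base64-looking run; the names `CommentStripper` and `strip_comments`, the 40-character threshold and the sample page are assumptions made for illustration.

```python
import base64
import re
from html.parser import HTMLParser

# A run of 40+ base64-alphabet characters; the threshold is an assumption.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")

class CommentStripper(HTMLParser):
    """Re-emit HTML without its comments and record what was dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=False)  # keep entities as written
        self.out = []
        self.dropped = []  # (comment text, looks_encoded) for the proxy log

    def handle_comment(self, data):
        # Join wrapped lines so a blob split across lines still matches.
        joined = data.replace("\r", "").replace("\n", "")
        self.dropped.append((data, bool(B64_RUN.search(joined))))

    def handle_starttag(self, tag, attrs):
        self.out.append(self.get_starttag_text())  # original tag text

    handle_startendtag = handle_starttag  # <br/> style tags

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_decl(self, decl):
        self.out.append(f"<!{decl}>")

def strip_comments(html):
    parser = CommentStripper()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.dropped

# Constructed sample: one ordinary comment, one carrying an encoded blob.
BLOB = base64.b64encode(b"constructed sample, not a real payload " * 2).decode()
SAMPLE = ("<!DOCTYPE html><html><body><!-- nav starts here --><p>Tom &amp; Jerry</p>"
          f"<!--\n{BLOB}\n--><br/></body></html>")
```

Conditional comments of the `<!--[if IE]>` form are parsed as ordinary comments and dropped with the rest, so a deployment that depends on them needs an explicit policy decision.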



