


1. DEF CON TEAM DEMONSTRATES MICROSOFT IE TROJAN SETIRI


From:
*************** Club Tech Networking Tips Newsletter ***************
A Penton Publication
http://www.iSeriesNetwork.com                http://www.e-ProMag.com
Issue 35                                             August 14, 2002


1. DEF CON TEAM DEMONSTRATES MICROSOFT IE TROJAN SETIRI
Def Con is the infamous conference of underground "security
specialists" (a.k.a. "hackers") that has become the annual venue for
the alarming announcement of new security weaknesses. At this year's
conference -- the 10th -- in Las Vegas, a team of three South African
security consultants reported a flaw in Microsoft's Internet Explorer
that lets them breach the security of virtually any firewall-protected
network.

The security breach uses a Trojan horse program, which is a program
designed to look like something innocuous, but which actually carries
a dangerous cargo to the deepest recesses of your protected network.
The consulting trio, Roelof Temmingh, Haroon Meer, and Charl van der
Walt, wrote a demonstration version of the Trojan horse program,
called Setiri, and demonstrated it at the conference.

Setiri propagates like many viruses -- via e-mail or an indiscreet Web
download. Unlike a virus, however, it doesn't replicate itself.
Instead, it opens an invisible window in IE that then connects to a
secret Web server via an anonymous Web proxy called Anonymizer.com.
Once Setiri reaches its mother ship, it can execute arbitrary commands
on the infected user's computer, allowing it to do such things as
install keystroke logging software or extract sensitive data files
(such as password registries). By using Anonymizer.com, the identity
of the mother ship site is hidden.

Perhaps the most astounding fact about this demonstration is that
Setiri does not exploit a hitherto-unrevealed Microsoft bug, as many
prior viruses and Trojans have done. No, Setiri uses only standard
features built into IE. Microsoft routinely uses the invisible window
feature of IE to send surreptitious e-mails from a user's computer
back to its own mother ship, Microsoft.com.

Many people have warned for years that such Microsoft "back door"
features can be uncovered and exploited by hackers. This is yet
another instance of Microsoft inflicting damage on its own users
through bad software architecture. Despite the fact that Roelof and
his colleagues promise not to release their Trojan onto the Internet,
the very fact that they have produced the program has spurred others
to duplicate their work. At the same conference, a hacker in the
audience claimed to have already produced a similar poison pill.

For its part, Microsoft has reportedly acknowledged the invisible
window problem and promised to look into a fix. In the meantime, you
use IE at your own risk.

Biographical information for the Setiri developers and an abstract of
their presentation is available online at

http://www.defcon.org/dcx-speakers.html .


___________________________
Copyright 2002, Penton Technology Media
http://www.iSeriesNetwork.com
http://www.e-ProMag.com





This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.
