Get exclusive CAP network offers from top brands

View CAP Offers

Reply To: Trojan found from gam website

[bsa_pro_ad_space id=2]
#680240
Anonymous
Inactive

What is a IEPageSpoof trojan so whats the problem

The Problem

The DHTML Editing Control is vulnerable to a cross-domain violation. When the DHTML Editing Control opens the content from a website, it appears to operate within the security context of that website. While the DHTML Editing Control has the security context of the opened site, the DHTML Editing Control is under full control of the page that hosts it. Working indirectly through the DHTML Editing Control, a website in one domain has the ability to access information in another domain or zone.
II. Impact
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message), an attacker may be able to execute script in the Local Machine Zone. Script that executes in the Local Machine Zone can be used to download and execute arbitrary code. An attacker may obtain full access to web content in another domain, which may reside in a different security zone. The impact is similar to that of a cross-site scripting vulnerability. This includes the ability to spoof or modify web content, access website information such as cookies, or retrieve data from an encrypted HTTPS connection. For a more detailed description of the impact of cross-site scripting vulnerabilities.

I never claimed to be an expert at anything. Now take a good hard look at the facts. Its a worm!!!launched via email or website installs scripts which can do many things. Now its your turn do be the expert and tell me what this says. Because I viewed this worm last week. greek39