Get exclusive CAP network offers from top brands

View CAP Offers

Reply To: affiliate drones

[bsa_pro_ad_space id=2]
#680290
Anonymous
Inactive

What is happening is cloaking then scraping. Cloaking is a different version of a web site the cloaked site is a black hatter scraped site. This is done by activex ( active scripting ).

So say a person goes to my site under cetain conditons it will show a different site for some people who have not patched the hole in their IE firewall. This hole in the firewall is a newly discovered one, found in December 2005. So for this to work you must have a unpatched firewall and the virus.

Alot of no good people are jumping on this expliotation to lauch such attacks. The virus already mentioned does the following according to microsoft

The DHTML Editing Control is vulnerable to a cross-domain violation. When the DHTML Editing Control opens the content from a website, it appears to operate within the security context of that website. While the DHTML Editing Control has the security context of the opened site, the DHTML Editing Control is under full control of the page that hosts it. Working indirectly through the DHTML Editing Control, a website in one domain has the ability to access information in another domain or zone.
II. Impact
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message), an attacker may be able to execute script in the Local Machine Zone. Script that executes in the Local Machine Zone can be used to download and execute arbitrary code. An attacker may obtain full access to web content in another domain, which may reside in a different security zone. The impact is similar to that of a cross-site scripting vulnerability. This includes the ability to spoof or modify web content, access website information such as cookies, or retrieve data from an encrypted HTTPS connection

This I believe enables your browser to do. So the people infected or who not updated the firewall patch when browsing are seeing different web pages.

By updating the IE firewall this closes this hole. This could explain the defensive nature of this guy.

Also this guy has never droppoed his url I wish he would. Closely read what microsoft had to say about this latest virus. It does alot more, an attacker can gain access too web content in another domain in a different security zone (possible firewall), modify web content, access website cookies ect..

Hey Dom I thought you were on holidays?

greek39

This is speculation!