North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: On-going Internet Emergency and Domain Names

  • From: Fergie
  • Date: Fri Mar 30 23:12:53 2007

Hash: SHA1

- -- "Steven M. Bellovin" <[email protected]> wrote:

>Jeff Shultz <[email protected]> wrote:
>> I won't discount the assertion that there is some sort of emergency
>> occurring. I would however, like to see a bit of a reference to where
>> we can learn more about what is going on (I assume this is the
>> javascript exploit I heard about a couple days ago).
>No -- it's a 0day in Internet Explorer involving animated cursors --
>and it can be spread by visiting an infected web site or even by email.

Not that I like being in the position of correcting Steve :-) but the
real answer is "yes" and "no" -- or ctually just yes.

While the 0-day exploit is the ANI vulnerability, there are many,
many compromised websites (remember the embedded
javascript iframe redirect?) that are using similar embedded .js
redirects to malware hosted sites which fancy this exploit.

And some of them have vast audiences, increasing the potential
for a major "issue" -- TBD.

Track with the SANS ISC -- they're doing a good job of keeping the
community abreast.


- - ferg

Version: PGP Desktop 9.6.0 (Build 214)


"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 ferg's tech blog: