[Dshield] QHOSTS-1 Trojan & MSIE6 Vulnerability

warpmedia warpmedia at comcast.net
Fri Oct 3 02:13:04 GMT 2003


Yet again proof that JS & ActiveX should be considered unsafe for general 
browsing and that M$ not catching bugs properly ought to add a zone 
management to the IE taskbar, distribute appropriate .reg patches to add 
security zones that enable JS & ActiveX (separately, granular), and set IE 
to restricted zone by default. Usability of windows update be damned.

As it is know I'd have to pay someone for a program to do the zone 
switching or put up with IE's limited "add to trusted" command.


At 14:13 10/2/2003, Benjamin M.A. Robson wrote:
>All,
>
>Since I am on a bit of a role with these postings, here's another one.
>
>(If they are getting to be a bit much to bear let me know and I will 
>shut-up for a while)  ;-P
>
>BenR.
>
>
>Purpose:                Security Officer Alert
>Subject:                Internet Explorer 6 Vulnerability and Exploit
>                                 Trojan: Qhosts-1
>                                       (possible variant of 'Delude')
>Threat Level:           Medium
>Date:                   3rd October 2003
>Systems Affected:    Windows NT, Windows ME, Windows 2000,
>                            Windows XP, Windows 9x (TBC),
>                            Windows Server 2003 (TBC)
>

Joshua MacCraw
warpmedia at comcast.net
http://mywebpages.comcast.net/jmaccraw 




More information about the list mailing list