[unisog] vml (and mdac?) exploited web sites

Gary Flynn flynngn at jmu.edu
Mon Feb 5 22:22:43 GMT 2007


power less wrote:
> I was curious as to what people should search for if they wanted to know 
> if vml (and mdac?) exploits had made it onto any web pages
> in their neighborhood. That would be a worthy cause, wouldn't it, 
> checking web pages for badness? I don't suppose there a free utility 
> that does that?

Microsoft has a project to search out malicious
web sites. They have some papers describing it
at:

http://research.microsoft.com/HoneyMonkey/

> "We literally find tens of thousands of these things every day -- 
> they're everywhere from big-name sites like this one to mom-and-pop 
> bakery shops," said Dan Hubbard, vice president of security research at 
> Websense. "It's definitely a good lesson in staying up to date on the 
> patches."
> 
> Well geez, how about we also
> 1. stop the miscreants from breaking in and planting crud on people's 
> web sites
> 2. detect this stuff so that web owners/institutions can remove such 
> malicious code as soon as it gets in

Our IPS systems detect malware and/or hostile scripts hosted on small
business, hobby, and other organizational web sites often enough to
be quite disconcerting. Since detection requires that someone in our
population access such a site, I can only surmise that there are a
lot more out there that we do not see.

Kind of makes the term "trusted web site" hard to
define.

-- 
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security


More information about the unisog mailing list