BHO, Browsers and related / Port 3705 / ISCAlert Portuguese version
Today a user sent a question about BHOs
(Browser 'Helper' Objects) and browsers other than IE. Tom
Liston, one of our ISC Handlers, answered:
"...this could be an issue for any of the major browsers.
While BHOs *are* specific to IE, Mozilla based variants
have "extensions", and all other browsers have a means to
extend their functionality.
The issue under IE is that BHOs can be silently installed
and there is no good way within IE to see what BHOs are on
your machine.
But *any* trojaned extension to *any* browser's
functionality could do the same thing that this malware
does. It then becomes a question of how difficult it is to
get it installed on the target machine..."
Still on the IE issues, we received a report about "a new
exploit targeting at users of Internet Explorer". According
to the user, the trojan tries to overwrite the telnet.exe
executable. The file was submitted and we found that it
is already detected by AV as the
win32/TrojanDownloader.Harnig.Q trojan.
Another report asks about Mac exposure to the online
banking threat from yesterday's diary. As far as we know,
the binary will only run on Windows.
Banking Spyware Snort Sigs
About yesterday's diary "New scam targets bank customers", Matt
Jonkman just pointed us to the Snort Signatures for the
Banking Spyware that are posted at bleedingsnort.com:
#Thanks James Ashton
alert tcp $HOME_NET any -> any 80 (msg:"BLEEDING-EDGE Yesadvertising Banking Spyware RETRIEVE"; uricontent:"/img1big.gif"; nocase; reference:url,isc.sans.org/presentations/banking_malware.pdf; sid:2000336; rev:1;)
alert tcp $HOME_NET any -> any 80 (msg:"BLEEDING-EDGE Yesadvertising Banking Spyware INFORMATION SUBMIT"; uricontent:"/cgi-bin/yes.pl"; nocase; reference:url,isc.sans.org/presentations/banking_malware.pdf; sid:2000337; rev:1; )
Reference:
http://www.bleedingsnort.com/cgi-bin/viewcvs.cgi/Stable/MALWARE_Yesadvertising_Banking_Spyware
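For sites that keep web proxy logs but do not run Snort, the same two URI checks can be applied to past traffic. The script below is an added example, not part of the original diary or of the bleedingsnort.com rule set: it parses the two rules above and runs them over constructed log lines. The log layout (client, destination port, method, URI) and the use of percent-decoding in place of Snort's URI normalisation are assumptions, and the $HOME_NET source check is not modelled.

```python
import re
from urllib.parse import unquote

# The diary's two rules, each joined onto a single line.
RULES = [
    'alert tcp $HOME_NET any -> any 80 (msg:"BLEEDING-EDGE Yesadvertising Banking Spyware RETRIEVE"; uricontent:"/img1big.gif"; nocase; reference:url,isc.sans.org/presentations/banking_malware.pdf; sid:2000336; rev:1;)',
    'alert tcp $HOME_NET any -> any 80 (msg:"BLEEDING-EDGE Yesadvertising Banking Spyware INFORMATION SUBMIT"; uricontent:"/cgi-bin/yes.pl"; nocase; reference:url,isc.sans.org/presentations/banking_malware.pdf; sid:2000337; rev:1; )',
]
OPTION = re.compile(r'\s*(\w+)\s*(?::\s*("[^"]*"|[^;]*))?;')

def parse_rule(text):
    """Pull destination port, sid and uricontent patterns out of one rule."""
    header, _, body = text.partition("(")
    rule = {"dport": header.split()[6], "uricontent": []}
    for key, value in OPTION.findall(body):
        value = value.strip().strip('"')
        if key == "uricontent":
            rule["uricontent"].append([value, False])
        elif key == "nocase" and rule["uricontent"]:
            rule["uricontent"][-1][1] = True  # nocase modifies the preceding pattern
        elif key == "sid":
            rule["sid"] = value
    return rule

def match(rule, dport, uri):
    """True if the port fits and every uricontent pattern occurs in the URI."""
    if rule["dport"] not in ("any", str(dport)):
        return False
    uri = unquote(uri)  # assumption: stands in for Snort's URI normalisation
    return all(p.lower() in uri.lower() if nocase else p in uri
               for p, nocase in rule["uricontent"])

# Constructed proxy-log lines: client, destination port, method, URI.
SAMPLE_LOG = """\
10.0.0.5 80 GET /IMG1BIG.GIF
10.0.0.7 80 POST /cgi-bin/yes.pl
10.0.0.8 80 POST /cgi-bin/%79es.pl
10.0.0.9 80 GET /index.html
10.0.0.5 8080 GET /img1big.gif
"""

def scan(log_text, rules=RULES):
    """Return (client, sid) for each log line that a rule matches."""
    parsed = [parse_rule(r) for r in rules]
    hits = []
    for line in log_text.splitlines():
        client, dport, _method, uri = line.split(maxsplit=3)
        hits += [(client, r["sid"]) for r in parsed if match(r, dport, uri)]
    return hits
```

Calling scan(SAMPLE_LOG) flags the first three clients; the request to port 8080 is skipped because both rules only cover destination port 80.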
Port 3705
If you feel that you have had enough of the IE<->BHO stuff, here
is something different. We observed an interesting graphic
about port 3705, but don't have much information about this
port. If you have more info, please let us know.
Portuguese ISCAlert
Are you in a Portuguese-speaking country?
Download the Portuguese version of ISCAlert now!
http://www.labreatechnologies.com/ISCAlert_Portuguese.zip
------------------------------------------------------------
Handler on Duty: Pedro Bueno (bueno_AT_ieee.org)