
OS X Security flaw Epilogue: MS's Download.Ject, or what could have been
Jun 25, 2004, 02:47 PM
 
In case anyone ever doubted the seriousness of the Launch Services flaw, and what could have been, here is a story from Slashdot on what seems to be a similar attack scenario on Windows. And because it's Windows it got the attention of the major criminals who could have made our scariest nightmares come true by creating and releasing the "Download.Ject" exploit. I believe it is JavaScript, and is a living, breathing visit-a-website-and-get-owned thingie. Not just random sites, but apparently mainstream sites that have been hacked.

Slashdot Story

ZDnet Article

Quote from article:
The researchers believe that online organized crime groups are breaking into Web servers and surreptitiously inserting code that takes advantage of two flaws in Internet Explorer that Microsoft has not yet fixed. Those flaws allow the Web server to install a program that takes control of the user's computer.
Slashdot post explaining more of exploit:
Since the article is very vague, what happens is that once they compromise the IIS server, they modify each site on the server to write a document footer to every page. The document footer calls a DLL placed in the %windir%\system32 directory. The DLL writes a line of JavaScript to each page which redirects the user to a remote server to download the malicious code.
I think the similarities are uncanny. This is exactly what could have been done to Mac users before Paranoid Android and the Apple patch. Of course, MS has known about the IE flaws since last fall and does seem to have fixed the "Javascript Downloads" vector through an XP update, although I don't think it has patched older IE versions. I haven't understood the full exploit, but the fact that a website redirect leads to a download (some people call them RATs, Remote Access Trojans) seems clear.

Slashdot work around description:
Here's the short version for avoiding this Critical severity attack: you must install add-on software, and change multiple settings in multiple programs, thus causing "some Web sites to work improperly." By changing more settings, you can regain functionality for a particular site if "you trust that it is safe to use," which you have no way of knowing
Microsoft FAQ on Download.Ject

OK, the reason I post is this gives us an opportunity to reevaluate the OS X flaw and Apple's response to it. What have we learned and did Apple solve the truly deep problem, call them RATs or whatever?

I have my doubts. Apple seems to have blocked the ability to launch apps we do not trust. Yet as we see with this MS Download.Ject, website scripting is a powerful and exploitable tool. How much should websites be allowed to do?
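
The Slashdot description quoted in the post (a server-wide document footer that adds a line of JavaScript to every page) suggests a server-side check, shown here as an added example that is not part of the original thread: compare each file on disk with what the server actually returns and flag script that appears only in the served copy. The sample pages, the host name footer.example.invalid and the function names are constructed for illustration.

```python
import re

# Matches the src attribute of a <script> tag (quoted or unquoted value).
SRC_RE = re.compile(rb'<script\b[^>]*\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)
HTML_END_RE = re.compile(rb"</html\s*>", re.I)


def appended_footer(on_disk: bytes, served: bytes) -> bytes:
    """Return the bytes the server added after the on-disk content."""
    disk, body = on_disk.rstrip(), served.rstrip()
    if body.startswith(disk):
        return body[len(disk):].strip()
    # Dynamic page: fall back to whatever follows the last </html>.
    ends = list(HTML_END_RE.finditer(body))
    return body[ends[-1].end():].strip() if ends else b""


def audit_site(pages: dict) -> dict:
    """pages maps URL path -> (on_disk_bytes, served_bytes)."""
    flagged, footers = [], set()
    for path, (on_disk, served) in sorted(pages.items()):
        footer = appended_footer(on_disk, served)
        footers.add(footer)
        if b"<script" in footer.lower():
            flagged.append({
                "path": path,
                "footer_bytes": len(footer),
                "external_src": [s.decode("latin-1") for s in SRC_RE.findall(footer)],
            })
    # The same non-empty footer on every page points at a server-wide
    # setting rather than at one edited file.
    site_wide = len(pages) > 1 and len(footers) == 1 and b"" not in footers
    return {"flagged": flagged, "site_wide": site_wide}


# Constructed sample data: two pages as stored on disk and as served.
INDEX = b"<html><body><h1>Home</h1></body></html>\n"
ABOUT = b"<html><body><h1>About</h1></body></html>\n"
FOOTER = b'<script src="http://footer.example.invalid/x.js"></script>'
SAMPLE_CLEAN = {"/index.html": (INDEX, INDEX), "/about.html": (ABOUT, ABOUT)}
SAMPLE_TAMPERED = {"/index.html": (INDEX, INDEX + FOOTER),
                   "/about.html": (ABOUT, ABOUT + FOOTER)}

if __name__ == "__main__":
    for name, site in (("clean", SAMPLE_CLEAN), ("tampered", SAMPLE_TAMPERED)):
        print(name, audit_site(site))
```

A script-bearing footer that is identical on every page is the signal to inspect the web server's own configuration, since no individual file on disk will show the change.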