'Insurance' code injection attack

Discussion in 'ASP .Net' started by sati, Nov 18, 2003.

  1. sati

    sati Guest

    Thanks.. Since my last post, I have identified a few more
    facts on this case.

    This code injection occurs in the client browser. The Web
    server seems to be sending correct page. So far, I have
    identified just one user machine that seems to be infected.

    Even in the client machine, if we look at the html source
    code, this injection code does not exist. If this is true
    than I have no way of knowing how the page is getting
    rendered on other client machines.

    Seems like a BIG security Flaw in IE.

    However, for this time, do you think Spybot S&D or
    HackThis can take care of this?

    Does anyone else have any more bright ideas on this one?


    >-----Original Message-----
    >"Sati" <> wrote in

    message
    >news:025301c3ad5e$76c3a450$...
    >> Hi All,
    >> Does anyone know how to clean a asp application from a
    >> virus that converts labels with the word 'Insurance'

    into
    >> link button to a web page. It also injects text in the
    >> textbox when the textbox.text has any reference to
    >> this 'insurance' word.
    >>
    >> I am using custom controls on custom page. This

    injection
    >> seems to be occurring after the pre-render event.

    >
    >Download SpyBot S&D and perhaps even HackThis! as it

    sounds more like you
    >have a spybot of some sort active.
    >
    >
    >.
    >
     
    sati, Nov 18, 2003
    #1
    1. Advertising

  2. This isn't as much a security flaw of IE as it is of platforms in general.
    If the user can run arbitrary code with administrative permissions, then the
    user can run a virus that modifies their system to do basically anything it
    wants. Run a virus scanner and a spyware remover, and this should clean up
    most things. If your users are in a corporate environment, then plan an
    initiative to get everyone in your organization running as limited users who
    are no allowed to run arbitrary code on the machine.

    --
    Chris Jackson
    Software Engineer
    Microsoft MVP - Windows Shell/UI
    Windows XP Associate Expert
    --
    More people read the newsgroups than read my email.
    Reply to the newsgroup for a faster response.
    (Control-G using Outlook Express)
    --

    "sati" <> wrote in message
    news:078801c3ade3$417d0680$...
    > Thanks.. Since my last post, I have identified a few more
    > facts on this case.
    >
    > This code injection occurs in the client browser. The Web
    > server seems to be sending correct page. So far, I have
    > identified just one user machine that seems to be infected.
    >
    > Even in the client machine, if we look at the html source
    > code, this injection code does not exist. If this is true
    > than I have no way of knowing how the page is getting
    > rendered on other client machines.
    >
    > Seems like a BIG security Flaw in IE.
    >
    > However, for this time, do you think Spybot S&D or
    > HackThis can take care of this?
    >
    > Does anyone else have any more bright ideas on this one?
    >
    >
    > >-----Original Message-----
    > >"Sati" <> wrote in

    > message
    > >news:025301c3ad5e$76c3a450$...
    > >> Hi All,
    > >> Does anyone know how to clean a asp application from a
    > >> virus that converts labels with the word 'Insurance'

    > into
    > >> link button to a web page. It also injects text in the
    > >> textbox when the textbox.text has any reference to
    > >> this 'insurance' word.
    > >>
    > >> I am using custom controls on custom page. This

    > injection
    > >> seems to be occurring after the pre-render event.

    > >
    > >Download SpyBot S&D and perhaps even HackThis! as it

    > sounds more like you
    > >have a spybot of some sort active.
    > >
    > >
    > >.
    > >
     
    Chris Jackson, Nov 18, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Sati
    Replies:
    6
    Views:
    411
    Dino Chiesa [Microsoft]
    Nov 19, 2003
  2. TCORDON

    Injection Attack

    TCORDON, May 24, 2005, in forum: ASP .Net
    Replies:
    5
    Views:
    498
    Steve C. Orr [MVP, MCSD]
    May 25, 2005
  3. Ranginald
    Replies:
    10
    Views:
    887
    Ranginald
    Apr 27, 2006
  4. kaisser

    Insurance!!!!

    kaisser, Jun 20, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    402
    kaisser
    Jun 20, 2006
  5. Sati

    Insurance triggers a code injection attack

    Sati, Nov 17, 2003, in forum: ASP .Net Security
    Replies:
    1
    Views:
    147
    Steve
    Nov 18, 2003
Loading...

Share This Page