Free P*rn via Internet Explorer Vulnerability

[s18000rpm]

"Free porn via an Internet Explorer Vulnerability? It sounds too good to be true, doesn't it? When was the last time anything good came out from a vulnerability affecting Microsoft's products? Well, joking aside, it does sound too good to be true. This because the free porn offering is an integer part of a social engineering scheme targeting users of unpatched versions of IE prior to Internet Explorer 7.

Sophos, an integrated threat management solutions provider, has warned of the discovery on an aggressive spam campaign promoting free pornography. But, instead of free explicit images and videos, victims will be hit with a Trojan horse. “Psyme-DL exploits a Microsoft Internet Explorer vulnerability, MS06-014, and when the weblink is accessed using Firefox, a message is displayed requesting the user to change browser,” explains Sophos. So if you use Firefox, you are safe. Also, Internet Explorer 7 and prior completely patched versions of the browser are not affected by this vulnerability.

The spammed messages contain a link redirecting the victims to a malicious website designed to download Psyme-DL via the ADODB stream vulnerability. No user interaction is necessary as the flaw allows for remote code execution.

“Despite the numerous warnings users have probably heard about safe computing and appropriate online behavior, emails with racy subject lines still seem hard to resist for some users,” said Carole Theriault, senior security consultant for Sophos. “By infecting machines belonging to users who thought they might steal a peak at some free porn, this malware campaign leads victims down a rathole they might feel embarrassed to be found in. The author of Psyme-DL is not just looking to humiliate but is also attempting to take control of the machines in order to spy, steal or cause havoc on PCs.” "

Source:: SoftPedia News

[anandk]

the key-words are 'unpatched ie'. quite posbl ! the porn sites mustve thought, lets hammer at a browser used by the majority, viz ie. so best to use an updated os/browser always ! nice piece of info, thanx !

btw, heard of Heatseek !? its is a pornography focused browser. the point of this software is to make porn browsing more efficient and more secure. the browser is available on windows machines only, and is built on top of internet explorer.

[s18000rpm]

^^ you know that HeatSeek browser Installs a Trojan.Generic

Curiosity might have Fcked up my PC , thank goodness i have Kaspersky on me side to forgive my sometimes Curious actions.

[caleb]

Quote:

Originally Posted by s18000rpm

"Free porn via an Internet Explorer Vulnerability? It sounds too good to be true, doesn't it? When was the last time anything good came out from a vulnerability affecting Microsoft's products? Well, joking aside, it does sound too good to be true. This because the free porn offering is an integer part of a social engineering scheme targeting users of unpatched versions of IE prior to Internet Explorer 7.

Sophos, an integrated threat management solutions provider, has warned of the discovery on an aggressive spam campaign promoting free pornography. But, instead of free explicit images and videos, victims will be hit with a Trojan horse. “Psyme-DL exploits a Microsoft Internet Explorer vulnerability, MS06-014, and when the weblink is accessed using Firefox, a message is displayed requesting the user to change browser,” explains Sophos. So if you use Firefox, you are safe. Also, Internet Explorer 7 and prior completely patched versions of the browser are not affected by this vulnerability.

The spammed messages contain a link redirecting the victims to a malicious website designed to download Psyme-DL via the ADODB stream vulnerability. No user interaction is necessary as the flaw allows for remote code execution.

“Despite the numerous warnings users have probably heard about safe computing and appropriate online behavior, emails with racy subject lines still seem hard to resist for some users,” said Carole Theriault, senior security consultant for Sophos. “By infecting machines belonging to users who thought they might steal a peak at some free porn, this malware campaign leads victims down a rathole they might feel embarrassed to be found in. The author of Psyme-DL is not just looking to humiliate but is also attempting to take control of the machines in order to spy, steal or cause havoc on PCs.” "

Source:: SoftPedia News

Thanks for the info
Am I happy that I updated my PC to IE7 just 4 days ago.
Hey about sophos, when I used to work in England that company used to use sophos and the IT director there, used to say that it is the best Antivirus.

[drsethi]

I never visit pornographic sites.
They always demand money and infect your computer.

[Vyasram]

Quote:

Originally Posted by drsethi

I never visit pornographic sites.
They always demand money and infect your computer.

ppl need open-source porn these days

[tarey_g]

Quote:

Originally Posted by anandk

the key-words are 'unpatched ie'. quite posbl ! the porn sites mustve thought, lets hammer at a browser used by the majority, viz ie. so best to use an updated os/browser always ! nice piece of info, thanx !

btw, heard of Heatseek !? its is a pornography focused browser. the point of this software is to make porn browsing more efficient and more secure. the browser is available on windows machines only, and is built on top of internet explorer.

Hmmm heatsek... i think everyone should try that . Btw the best porn browser is safari on mac .

Quote:

Originally Posted by Drsethi

I never visit pornographic sites.
They always demand money and infect your computer.

Internet is big, you will find everything here,free.

[s18000rpm]

Hey guys, didnt you read my second post here , the HeatSeek browser Installs a Trojan.Generic in this location=> "C:\Documents and Settings\<User Account>\Local Settings\Temp\is-PU9HQ.tmp\is-P35GQ.tmp"

Kaspersky AV detected it.

try this NeoDownloader Lite 2.1c (freeware) it has that section.

[anandk]

Quote:

Originally Posted by s18000rpm

^^ you know that HeatSeek browser Installs a Trojan.Generic

didnt know that ! never tried it !

true with kaspersky on ur side one can afford to be experimentative and reckless sometimes...