full-disclosure-uk August 2008 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] Beware the firefox ZER

Re: [Full-disclosure] Beware the firefox ZERO DAYZZZZ

From: Memisyazici, Aras <arasm_at_nospam>
Date: Sun Aug 17 2008 - 16:19:27 GMT
To: <full-disclosure@lists.grok.org.uk>

@T Biehn:

Please allow me to apologize for if I misunderstood your claim(s)... However, in your subject you are warning us about a FF 0-day while all you provide as 'proof' is anubis' examination of the 'after-the-fact' ...

Could you pls give us a li'l more? Perhaps some logs (browser URL history, firewall, AV, event logs all scrubbed for non-related data), your FF version at the time of pwnage, a brief personal account on how this 'might' have happened etc etc might help us analyze and prep better for it.

In the meantime, it looks like it's pretty easily detectable per the prev. reply and I'd like to note that Ikarus ID'd one of it's components as:

PWS.Win32.Zbot.G (Sig-Id:20421721)

So... Thx for the analysis but looks like more info is needed IMO! :)

Aras 'Russ' Memisyazici
Systems Administrator
Office of the Vice President for Research Virginia Tech

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/