2004-05-19 : I was surfing the net, not clicking on anything bad, when suddenly I got a crash dialog from a spyware app. Checking my task list, sure enough I suddenly had a bunch of spyware apps running! I quickly unplugged from the net, then set about to discover what had happened. Was it a worm spreading on the corporate intranet? Nope. It turned out to be a web-page based remote code execution exploit, CAN-2004-0380. My guess is that an ad server was compromised, causing the exploit to be run on every client to which it served an ad. Here are my notes as I tracked down how my machine was attacked. It turns out that the patch had been released in April, but my company had chosen not to install it yet.
Moral: It is imperative you keep up with the security patches!
My raw notes.
Louis K. Thomas <loui sth@hotm ail.co m>, 2004-05-21