In (e-mail address removed), this is what LAKEBUNNY had to say :
| this is a trojan virus thanks to norton it saved me............
| beware.....this web site is a virus.
|
http://elmue.de.vu
This is what I found on this same site
This chap is very keen to point out the obvious difference. I've patched IE
so I'm not vulnerable to these holes. But NAV *did* pop up a warning exactly
as the author of the site predicted.
Elmue has also created one or two files which plug various holes / exploits
in IE. Have a good look at his site before jumping to any conclusions.
===================================
«ElmüSoft Internet Explorer Security Check
This homepage checks your Internet Explorer for 2 dangerous security holes.
Both security holes allow a webpage to execute code on your computer, delete
files or manipulate data.
If a security hole exists, a warning will be displayed.
Some virus scanners alert when you visit my homepage and report that they found the
trojan "Exploit Byte Verify" and / or "Femad.B" in the file "counters.jar".
(depending on the virus scanner)
But, don't panic !
This file is NOT malicious.
It is a Java Applet, that does nothing more than download another file from
my homepage.
This file then displays a warning if your Internet Explorer has one of the
SECURITY HOLES.
With this Applet it would be THEORETICALLY possible to download malicious
content from a webpage and install it on your computer without asking you,
so some virus scanners alert.
But the file itself "Counters.jar" is NOT malicious. It COULD be abused for
malicious purposes, which I do not.
On my homepage it just checks, if you have a security hole and then it
displays a big warning.
These Internet Explorer security holes are VERY dangerous (a webpage has
FULL access to your harddisk) so I will not remove this security check from
my homepage.
If you use a virus scanner you have to live with this alarm.
Solution:
These security holes, which are only two of many, are removed by installing
a new version of the Java Virtual Machine (Microsoft VM). (Q816093)
www.windowsupdate.microsoft.com
But this is not a permanent solution!
The securest way to avoid Internet Explorer security holes is:
Stop using Internet Explorer and Outlook Express at all !
Even if you installed all the actual security patches from Microsoft,
tomorrow a new security hole will be found which will be abused by lots of
webpages.
Every month a new security hole in Internet Explorer!
If you use Internet Explorer and Outlook Express, you keep on installing
patches until the end of your life.
Further Information at Network Associates:
vil.nai.com/vil/content/v_100261.htm
Exploit Byte Verify
Risk Assessment = Low
This detection covers Java applets that attempt to exploit the Microsoft
Security Bulletin MS03-011 vulnerability.
The severity of this Internet Explorer vulnerability is considered to be
critical.
It allows an attacker to execute malicious code, simply by visiting an
infectious website.
Detections of this exploit do not necessarily mean that any malicious code
was executed.
It simply means that a Java applet was found to contain the exploit code.
All vulnerable systems should apply the patch from Microsoft.
Patched systems are immune from the effects of the exploit code.
However, detection will still occur on files attempting to make use of this
exploit.
Symptoms:
There are no obvious signs of infection
Further Information at Trend Micro:
www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JAVA_BYTEVER.A
JAVA_FEMAD.B
Overall risk rating: Very Low
Femad.B arrives within a .JAR file (Java archive) and is accompanied by some
components that Trend Micro detects as JAVA_BYTVERIFY.A.
Java_ByteVer.A
Overall risk rating: Low
This is Trend Micro's detection for JAVA classes that exploit a known
vulnerability in
Microsoft Virtual Machine in Windows Operating Systems and Internet
Explorer.
This flaw allows malicious users to execute code of his or her choice when a
user visits an infected Web site.
To know more of this vulnerability, how to determine a vulnerable system,
and how to install security patches,
continue reading on Microsoft's Web site at this link:
www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-011.asp»
ElmüSoft Security Hole Check:
http://www.netcult.ch/elmue/VirInfo-en.htm
--
Regards,
Sparky
ONE OF THE MANY MURPHY'S LAWS OF COMBAT : When in doubt, empty the magazine.