'Insurance' code injection attack

  • Thread starter Thread starter sati
  • Start date Start date
S

sati

Thanks.. Since my last post, I have identified a few more
facts on this case.

This code injection occurs in the client browser. The Web
server seems to be sending correct page. So far, I have
identified just one user machine that seems to be infected.

Even in the client machine, if we look at the html source
code, this injection code does not exist. If this is true
than I have no way of knowing how the page is getting
rendered on other client machines.

Seems like a BIG security Flaw in IE.

However, for this time, do you think Spybot S&D or
HackThis can take care of this?

Does anyone else have any more bright ideas on this one?
 
This isn't as much a security flaw of IE as it is of platforms in general.
If the user can run arbitrary code with administrative permissions, then the
user can run a virus that modifies their system to do basically anything it
wants. Run a virus scanner and a spyware remover, and this should clean up
most things. If your users are in a corporate environment, then plan an
initiative to get everyone in your organization running as limited users who
are no allowed to run arbitrary code on the machine.
 
Back
Top