Code used to attack Google made public

Warning:
When analyzing a file (rather than a URL), Jsand does not examine external resources, such as iframes and scripts. In addition, properties such as document.location, document.referer, and document.cookie, which are sometimes used by malicious scripts, are not set.

This may affect the detection of malicious code.

用JPG代表
hxxp://demo1.ftpaccess.cc/demo/ad.jpg

個人的防護測試



[babayu 编辑于 2010-01-17 21:56]

MS 已經發出補丁  自動更新即可

Internet Explorer out of band patch released, update now

Windows Desktop downloads:
Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 4 (KB978207)
Cumulative Security Update for Internet Explorer 6 SP1 for Windows 2000 SP4 (KB978207)
Cumulative Security Update for Internet Explorer 6 for Windows XP (KB978207)
Cumulative Security Update for Internet Explorer 6 for Windows XP x64 Edition (KB978207)
Cumulative Security Update for Internet Explorer 7 for Windows XP (KB978207)
Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB978207)
Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB978207)
Cumulative Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB978207)
Cumulative Security Update for Internet Explorer 8 for Windows XP (KB978207)
Cumulative Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB978207)
Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB978207)
Cumulative Security Update for Internet Explorer 8 in Windows Vista x64 Edition (KB978207)
Cumulative Security Update for Internet Explorer 8 in Windows 7 (KB978207)
Cumulative Security Update for Internet Explorer 8 in Windows 7 x64 Edition (KB978207)

Windows Server downloads:

Cumulative Security Update for Internet Explorer 6 in Windows Server 2003 64-bit Itanium Edition (KB978207)
Cumulative Security Update for Internet Explorer 6 in Windows Server 2003 x64 Edition (KB978207)
Cumulative Security Update for Internet Explorer 6 in Windows Server 2003 (KB978207)
Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB978207)
Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 64-bit Itanium Edition (KB978207)
Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB978207)
Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB978207)
Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems (KB978207)
Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB978207)
Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB978207)
Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB978207)
Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 (KB978207)
Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB978207)
Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 for Itanium-based Systems (KB978207)
Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 R2 x64 Edition (KB978207)

1/20最新報告此漏洞只影響x32  對x64完全沒作用

Microsoft Security Advisory (979682)
Vulnerability in Windows Kernel Could Allow Elevation of Privilege
Published: January 20, 2010

Version: 1.0

Affected and Non-Affected Software

This advisory discusses the following software.Affected Software

Microsoft Windows 2000 Service Pack 4

Windows XP Service Pack 2 and Windows XP Service Pack 3

Windows Server 2003 Service Pack 2

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*

Windows 7 for 32-bit Systems

Non-Affected Software

Windows XP Professional x64 Edition Service Pack 2

Windows Server 2003 x64 Edition Service Pack 2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

Windows 7 for x64-based Systems

Windows Server 2008 R2 for x64-based Systems

Windows Server 2008 R2 for Itanium-based Systems

http://www.microsoft.com/technet/security/advisory/979682.mspx

[babayu 编辑于 2010-01-21 20:30]

最近新闻里听说过，
过来关注一下。

网上说追查到是来自源是这个地方Hainan ,坐板凳继续观望．

原来用最新的ＩＥ和ＷＩＮ７版本和及时更新系统是让黑课来不及写功鸡程式啊，又学了点东西

linux+firefox 打不开

火狐（配备noScript）+nod32+磕毛豆

打不开

不敢以身示范了

呵呵，这个知道就行了，打开可就不敢了，万一出了意外，重装系统，磕太麻烦了

德法兩國※※勸告人民停止使用IE

French Government advises people to stop using IE

German Government asks people to stop using IE

The Microsoft Security Response Center (MSRC) 1/18 提出警告建議客戶  IE6 and IE7 更新為 IE8

Microsoft warns customers to upgrade from IE6 and IE7  --->IE8

http://blogs.technet.com/msrc/archive/2010/01/17/further-insight-into-security-advisory-979352-and-the-threat-landscape.aspx

[babayu 编辑于 2010-01-18 20:40]

這漏洞可以很多種的TYPE使用  不一定是JPG

可能因為 jpg 不是圖片的原因  MAC不用  應該沒事  如果是Win..................

[babayu 编辑于 2010-01-18 13:28]

說明
JPG 不是圖片 只是一段代碼 打不开 没看法 不代表漏洞沒啟動

下面剛剛用 Opera 測試 3圖 自己判斷

1  没看法  打不开 但是網頁灰的 AV防護啟動 這代表有毒的代碼與瀏覽器已經被AV鎖定  無法動作


2 AV自動清毒後 網頁回復正常(不是灰的)


3  1圖沒截圖好 再測試再截圖1次


[babayu 编辑于 2010-01-18 13:12]

报告，macintosh打不开

抢沙发，没看法