On mySimon: Nike SB Eugene Backpack
BNET Business Network:
BNET
TechRepublic
ZDNet
TalkBack 11 of 24:
Next »
« Previous
Absolute nonsense.
Linux is just as susceptible to worms, virus and trojans.

Only operating systems that incorporate the conmpletely unsandboxed ActiveX are going to be as vulnerable. And for now that's only OSes from Microsoft. ActiveX is the result of a boneheaded decision made by Microsoft back in the early 90's to place customer security in the back seat in favor of usurping the Web through adding irresistible bells and whistles to Windows and Internet Explorer. Despite the warnings of numerous security experts down the years and wave after wave of ActiveX-enabled attacks, the company has refused to do what is required to completely fix the problem: remove it.

H D Moore, founder of the Metasploit malware toolkit, created a "fluffer" tool for locating potentially exploitable weaknesses in ActiveX controls:

http://metasploit.com/users/hdm/tools/axman/

A recent article about Mr. Moore has this frightening quote:

"Moore claims that, while he found more than 100 vulnerabilities in standard ActiveX components, almost another 100 exist in the ActiveX components installed by popular applications, such as Microsoft Office. While most of the issues discovered by Moore, who is also the founder of the Metasploit Project, are simple denial-of-service problems, about a dozen are remotely exploitable issues in ActiveX controls for Internet Explorer, he said.

"There are a couple of classes that have so many vulnerabilities that I had to black list the entire class," Moore said."

Although this particular worm doesn't appear to need ActiveX help on its initial install, reading F-Secure's description, we find:

The worm can modify Active Desktop files in order to launch another copy of itself named 'WinZip_Tmp.exe' using the ActiveX control.

First ActiveX-enabled exploit to appear in the wild: 1993
Latest ActiveX-enable exploit in the wild: out now and currently unpatched.
Posted by: UserLand   Posted on: 11/09/06 You are currently: a Guest | Members login | Terms of Use
Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

Google accidentally sends out e-mail worm  Loverock Davidson | 11/08/06
Google accidentally...  rondev | 11/08/06
Its true  Loverock Davidson | 11/08/06
I belive Google's "accident" was deliberate.  Mr. Roboto | 11/08/06
I believe Google's  rondev | 11/08/06
Why not  DarbyOhara | 11/09/06
Google sends out snailmail  Hugh G. Rection | 11/09/06
Negligence  epcraig | 11/08/06
Please the Linux comments are pretty old  CyberIntelGuru | 11/09/06
Please, the Linux comments...  rondev | 11/09/06
Absolute nonsense.  UserLand | 11/09/06
What Linux do you run?  NonZealot | 11/09/06
More nonsense.  UserLand | 11/09/06
Even more nonsense  NonZealot | 11/09/06
More misinformation.  UserLand | 11/09/06
Userland, its nap time for you!  NonZealot | 11/10/06
Not nonsense  3D0G | 11/09/06
Realize...  UserLand | 11/09/06
So wrong it hurts  NonZealot | 11/09/06
LOL  UserLand | 11/09/06
You think that's funny?  NonZealot | 11/10/06
first worm...  alpha_server | 11/09/06
True enough...  slow_descent | 11/09/06
But, but, but...  NonZealot | 11/09/06

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement
advertisement

Meet Doc

  • Here to help you with your Document Management Needs
  • Doc is an enigma. Born to a Russian ballerina and a German electrical engineer, he grew up in various locations in the United States. He’s seen the insides of more brands, versions, and generations of printer and printer-related hardware than almost anyone.
  • To learn more about this mysterious figure check out his blog on ZDNet. You’ll be glad you did.
  • Produced by
    ZDNet and