__/ [Mikkel Moldrup-Lakjer] on Monday 19 September 2005 16:31 \__
> Roy Schestowitz wrote:
>> It only comes to show how fragile the browser is. Although I have not
>> read any of the articles in depth, I can imagine that a good kernel would
>> never allow this. How can an actual browser be /injected/ with data? What
>> would be the purpose of allowing this? It's the equivalent of me stashing
>> my laundry in somebody else's apartment, coming back days later to find
>> that it was washed by accident.
> The article I linked to says:
> "Even users who mistype the www.google.com address are redirected to the
> fake site, which also supports the same range of languages as
> Google.com. This redirection is achieved by modifying the hosts file in
> the infected computer's operating system, which is a kind of address
> book used to quickly connect the browser to Web sites."
> However, earlier in the article it is explained, that the modification
> of the browser is achieved by deceiving users into installing a small
> program they believe is a free Star Wars game...
> So it would seem that explains it? The user has to willfully install the
Good investigate work collecting the appropriate bits...
I would now safely blame that opaque Registry mechanism. Doesn't it use some
mechanism for "trusted sources" or the like? I am not sure the users are
part of the problem (for willingly giving the worm a 'home'). That worm
could identify itself as anything it wishes. The O/S must assume that
malice exists too.
> What impresses me is the boldness of the people using dirty tricks in
> this case. And the fact that Adsense money is so big now, that it can in
> itself be the motive of creating a worm or a virus.
> It should be extremely easy to crack down on all the firms/advertisers
> who benefit from the worm by getting their Adwords ads on top of the
> SERPs. And/or to crack down on the people managing the server in
> Germany. Maybe they just figured they could make enough money before
> getting caugt, making it worthwhile.
[referring to my earlier point]
Do you reckon they have laundered their money yet?
Roy S. Schestowitz | Useless fact: ~70% of organisms are bacteria
http://Schestowitz.com | SuSE Linux | PGP-Key: 74572E8E
8:30am up 25 days 20:44, 3 users, load average: 0.13, 0.29, 0.56