[geeks] weird hijack of IE7

hike mh1272 at gmail.com
Tue May 19 20:15:14 CDT 2009


On Tue, May 19, 2009 at 5:09 PM, Francois Dion <francois.dion at gmail.com>wrote:

> On Tue, May 19, 2009 at 4:53 PM, Francois Dion <francois.dion at gmail.com>
> wrote:
> > This probably happens all the time, but I have a user that was
> > complaining he couldn't access one of our web based application. The
> > reason was that his IP was untrusted. It is as if he's coming from a
> > machine from scansafe.net, not from the actual trusted network he's
> > on. Only on IE 7, firefox is ok. Not sure what is at work here.
> >
> > I've seen scansafe in my logs before, they were doing some kind of
> > buffer overrun attack. Are they legit but incompetant or purely
> > malware?
> >
> > Seen that before?
>
> Oh, and just to clarify, the user has not installed web filtering, we
> already have one that is transparent. I am interested in the hijack
> part of scansafe.
> _______________________________________________
> GEEKS:  http://www.sunhelp.org/mailman/listinfo/geeks
>


let's see....

IE7 is broken
Foxfire works
IE7 is an exploit magnet
some one has rerouted the computer's traffic through an unapproved site
without notification
the unapproved site has been found trying to break in (multiple times)

you ask, "Are they legit but incompetant or purely malware?"

i ask, "does it matter?"

incompetent means they have been cracked and are unaware.
that is, their intruder is making an attack on your systems.
malware means they are making an attack on your systems.



More information about the geeks mailing list