windows 2000 + msie6 + spyware

Marty

I use Windows 2000 at work, and have all the latest updates installed.
While wasting time, er, doing research last week, I brought up
Internet Explorer, my homepage had gotten set to our old friend,
default-homepage-network.com, specifically
http://default-homepage-network.com/start.cgi?si-001
As soon as it came up, Norton anti-virus popped up saying it isolated
a virus in the cache, and at the same time, my download manager
(Internet Download Manager) popped up two dialogs asking me where I
wanted to save two other files (one was hp1.exe, a virus/trojan, I
believe).

Now, I don't ever allow sites to install anything I'm not sure I know
about, and I don't ever open strange attachments. I don't even use
Outlook Express (I use The Bat, which doesn't run any ActiveX or even
full HTML).

This is with full updates, and default security settings. If I up the
security setting to high, nothing happens at this site. If I bring it
up in XP pro, it displays the dumb ad for spyware spyware remover, but
doesn't try to download anything (visibly, anyway).

Is this a known problem with Windows 2000?

This site, by the way, claims they don't install anything on your
computer. So I tried emailing to abuse, postmaster, and admin (the
address in charge of the domain in the registry) and all of them
bounced. The sleazeballs don't seem to care, in spite of their
claims.
 
Marty said:
I use Windows 2000 at work, and have all the latest updates installed.
While wasting time, er, doing research last week, I brought up
Internet Explorer, my homepage had gotten set to our old friend,
default-homepage-network.com, specifically
http://default-homepage-network.com/start.cgi?si-001
As soon as it came up, Norton anti-virus popped up saying it isolated
a virus in the cache, and at the same time, my download manager
(Internet Download Manager) popped up two dialogs asking me where I
wanted to save two other files (one was hp1.exe, a virus/trojan, I
believe).

Now, I don't ever allow sites to install anything I'm not sure I know
about, and I don't ever open strange attachments. I don't even use
Outlook Express (I use The Bat, which doesn't run any ActiveX or even
full HTML).

This is with full updates, and default security settings. If I up the
security setting to high, nothing happens at this site. If I bring it
up in XP pro, it displays the dumb ad for spyware spyware remover, but
doesn't try to download anything (visibly, anyway).

Is this a known problem with Windows 2000?

This site, by the way, claims they don't install anything on your
computer. So I tried emailing to abuse, postmaster, and admin (the
address in charge of the domain in the registry) and all of them
bounced. The sleazeballs don't seem to care, in spite of their
claims.

Hey that's nothing. Try visiting http://astalavista.box.sk/ with
default Windows security settings, and watch your system
become infected with a half dozen downloaded spywares,
virii etc files (check your temp folder and registry startup
entries afterwards) without any user interaction whatsoever.

IE is still a security disaster.

Rick
 
Back on Sat, 22 May 2004 21:05:51 -0700, while hiding out in
microsoft.public.win2000.general said:
Hey that's nothing. Try visiting http://astalavista.box.sk/ with
default Windows security settings, and watch your system
become infected with a half dozen downloaded spywares,
virii etc files (check your temp folder and registry startup
entries afterwards) without any user interaction whatsoever.

IE is still a security disaster.

I tried it with XP pro and default security settings, and nothing out
of the ordinary happened. Does it only happen with Windows 2000? If
so, what is it about the OS that does this? Sort of what I was trying
to figure out with my original post.
 
--------------------
From: Marty <[email protected]>
Newsgroups: microsoft.public.win2000.general
Subject: Re: windows 2000 + msie6 + spyware
Date: Sun, 23 May 2004 04:32:29 GMT
Back on Sat, 22 May 2004 21:05:51 -0700, while hiding out in

I tried it with XP pro and default security settings, and nothing out
of the ordinary happened. Does it only happen with Windows 2000? If
so, what is it about the OS that does this? Sort of what I was trying
to figure out with my original post.
--------------------

If you go to IE > Tools > Internet Options > Security and then click on the
"Custom Level..." button for the Internet zone, you will be able to see
what "default security" really means in IE.
The reason you are getting problems really depends on exactly what method
the malware is using to reach your machine. I would suggest placing any
suspect sites in the "Restricted sites" zone, which has strict security
settings to avoid any malicious activity.


--
~~ JASON HALL ~~
~ Performance Support Specialist,
~ Microsoft Enterprise Platforms Support
~ This posting is provided "AS IS" with no warranties, and confers no
rights.
~ Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
~ Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
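
The "Custom Level..." settings described in the post above are stored per zone in the registry under `Internet Settings\Zones` (zone 3 is Internet, zone 4 is Restricted sites), where each action code holds 0 (enable), 1 (prompt) or 3 (disable). The following is an added example, not part of the original thread: it parses a `.reg` export of those keys and lists what each zone allows with no prompt. The sample export and the function names are constructed for illustration.

```python
import re

# IE URL action codes as documented by Microsoft (policy 0=enable, 1=prompt, 3=disable).
ACTIONS = {
    "1001": "Download signed ActiveX controls",
    "1004": "Download unsigned ActiveX controls",
    "1200": "Run ActiveX controls and plug-ins",
    "1400": "Active scripting",
    "1803": "File download",
}

# Constructed sample in .reg export format; values are illustrative, not captured from a machine.
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000000
"1400"=dword:00000000
"1803"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1001"=dword:00000003
"1004"=dword:00000003
"1200"=dword:00000003
"1400"=dword:00000003
"1803"=dword:00000003
'''

def parse_zones(reg_text):
    """Return {zone_id: {action_code: policy_value}} from .reg export text."""
    zones, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            key = re.fullmatch(r"\[.*\\Zones\\(\d)\]", line)
            current = zones.setdefault(key.group(1), {}) if key else None
            continue
        val = re.fullmatch(r'"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})', line)
        if val and current is not None:
            current[val.group(1).upper()] = int(val.group(2), 16)
    return zones

def silent_actions(zones, zone_id):
    """Names of actions the zone performs with no prompt (policy 0 = enable)."""
    settings = zones.get(zone_id, {})
    return sorted(ACTIONS[a] for a, v in settings.items() if a in ACTIONS and v == 0)

if __name__ == "__main__":
    z = parse_zones(SAMPLE_REG)
    print("Internet zone, no prompt:", silent_actions(z, "3"))
    print("Restricted sites, no prompt:", silent_actions(z, "4"))
```
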
 
Somewhere around Mon, 24 May 2004 17:45:12 GMT, while reading
microsoft.public.win2000.general, I think I thought I saw this post from
(e-mail address removed) (Jason Hall [MSFT]):
If you go to IE > Tools > Internet Options > Security and then click on the
"Custom Level..." button for the Internet zone, you will be able to see
what "default security" really means in IE.
The reason you are getting problems really depends on exactly what method
the malware is using to reach your machine. I would suggest placing any
suspect sites in the "Restricted sites" zone, which has strict security
settings to avoid any malicious activity.

I know what the settings are, and I balance ease of use with possibility of
hijacking and how much it takes to dig out from that; not that big a deal,
usually, for me, and it rarely happens. I have no idea where it happened; I
sometimes browse around strange sites here and there looking for something,
and one of them got to me. It took me about 5 minutes to undo its damage.

I know it could have been worse, and maybe one day I'll have to eat my words.
But I'm always learning, and I mainly want to know how they manage to do
some of these things they do. Normally, we all blame the victim for
clicking on something, opening an attachment, etc. But I've now seen
examples where that definitely wasn't the case.
 
