473,545 Members | 1,956 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

'Insurance' code injection attack

Thanks.. Since my last post, I have identified a few more
facts on this case.

This code injection occurs in the client browser. The Web
server seems to be sending correct page. So far, I have
identified just one user machine that seems to be infected.

Even in the client machine, if we look at the html source
code, this injection code does not exist. If this is true
than I have no way of knowing how the page is getting
rendered on other client machines.

Seems like a BIG security Flaw in IE.

However, for this time, do you think Spybot S&D or
HackThis can take care of this?

Does anyone else have any more bright ideas on this one?

-----Original Message-----
"Sati" <an*******@disc ussions.microso ft.com> wrote in messagenews:02******* *************** ******@phx.gbl. ..
Hi All,
Does anyone know how to clean a asp application from a
virus that converts labels with the word 'Insurance' into link button to a web page. It also injects text in the
textbox when the textbox.text has any reference to
this 'insurance' word.

I am using custom controls on custom page. This injection seems to be occurring after the pre-render event.
Download SpyBot S&D and perhaps even HackThis! as it

sounds more like youhave a spybot of some sort active.
.

Nov 18 '05 #1
1 1490
This isn't as much a security flaw of IE as it is of platforms in general.
If the user can run arbitrary code with administrative permissions, then the
user can run a virus that modifies their system to do basically anything it
wants. Run a virus scanner and a spyware remover, and this should clean up
most things. If your users are in a corporate environment, then plan an
initiative to get everyone in your organization running as limited users who
are no allowed to run arbitrary code on the machine.

--
Chris Jackson
Software Engineer
Microsoft MVP - Windows Shell/UI
Windows XP Associate Expert
--
More people read the newsgroups than read my email.
Reply to the newsgroup for a faster response.
(Control-G using Outlook Express)
--

"sati" <an*******@disc ussions.microso ft.com> wrote in message
news:07******** *************** *****@phx.gbl.. .
Thanks.. Since my last post, I have identified a few more
facts on this case.

This code injection occurs in the client browser. The Web
server seems to be sending correct page. So far, I have
identified just one user machine that seems to be infected.

Even in the client machine, if we look at the html source
code, this injection code does not exist. If this is true
than I have no way of knowing how the page is getting
rendered on other client machines.

Seems like a BIG security Flaw in IE.

However, for this time, do you think Spybot S&D or
HackThis can take care of this?

Does anyone else have any more bright ideas on this one?

-----Original Message-----
"Sati" <an*******@disc ussions.microso ft.com> wrote in

message
news:02******* *************** ******@phx.gbl. ..
Hi All,
Does anyone know how to clean a asp application from a
virus that converts labels with the word 'Insurance' into link button to a web page. It also injects text in the
textbox when the textbox.text has any reference to
this 'insurance' word.

I am using custom controls on custom page. This injection seems to be occurring after the pre-render event.


Download SpyBot S&D and perhaps even HackThis! as it

sounds more like you
have a spybot of some sort active.
.

Nov 18 '05 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
6
1301
'Insurance' Code injection attack
by: Sati | last post by:
Hi All, Does anyone know how to clean a asp application from a virus that converts labels with the word 'Insurance' into link button to a web page. It also injects text in the textbox when the textbox.text has any reference to this 'insurance' word. I am using custom controls on custom page. This injection seems to be occurring after the...
ASP.NET
4
1644
SQL Injection Attacks
by: poppy | last post by:
I think a site I developed has been the victim of a sql injection attack.I know how to stop this happening in future but: Is there any way I can trace such an attack?
ASP.NET
5
2330
Injection Attack
by: TCORDON | last post by:
What is the best way to protect a site against it? Does anyone have a RegEx to help validate user input? TIA!
ASP.NET
10
23883
Preventing form injection on Classic ASP pages
by: bregent | last post by:
I've seen plenty of articles and utilities for preventing form injections for ASP.NET, but not too much for classic ASP. Are there any good input validation scripts that you use to avoid form injection attacks? I'm looking for good routines I can reuse on all of my form processing pages. Thanks.
ASP / Active Server Pages
4
2182
sample validation code for sql injection attact
by: ss | last post by:
hi, can anybody gives me a sample code where the sql injection attack is validated. how can i do that in business logic layer and pass the error to the presentation tier I want the sample code
ASP.NET
8
3668
Email injection on a contact form
by: stirrell | last post by:
Hello, One problem that I had been having is stopping email injections on contact forms. I did some research, read up on it and felt like I had created a working solution. I hadn't gotten any suspicious bouncebacks in quite some time and got many custom alerts I had set up for notifying me of injection attempts. However, just the other day,...
PHP
29
2094
IIS SQL Injection woes...
by: sinbuzz | last post by:
Hi, I'm curious about the best way to avoid SQL Injection attacks against my web server. Currently I'm on IIS. I might be willing to switch to something like Apache but I'm not sure if SQL Injection is is a generic enough of an attack to cause me worries once I make the
C# / C Sharp
2
2153
SQL Injection Attack
by: ozzii | last post by:
I have read a number of articles on sanitizing user input before executing SQL queries to prevent SQL injection attacks. I have a html form which a user can fill in - the information from which is used to INSERT data into a database table. I am using the following asp functions function to remove bad characters from user inputs before using...
ASP / Active Server Pages
16
4400
SQL Injection Attack Discussion
by: ChipR | last post by:
Since we're talking about filters, make sure you also use a filter for semicolons (at the minimum) on any input that is going directly into an SQL statement to prevent your entire database from being deleted. See SQL Injection Attack. Admin Edit. This discussion was split off from the original thread, which can be found at Force .DefaultValue...
Microsoft Access / VBA
0
7484
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
General
0
7675
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
C / C++
1
7440
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
Windows Server
0
7775
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
General
0
5997
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
Career Advice
1
5344
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
Microsoft Access / VBA
0
4963
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
C# / C Sharp
0
3470
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
Networking - Hardware / Configuration
0
726
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us