The concept of a zero day defect was first discussed around November 2000. It was described as malware being “out long before anyone knows how it infects, let alone how to fix it. No notice of vulnerability is spread about the skiddie newsgroups, the virus writers aren’t gloating about it and it doesn’t appear on Bugtrap……”
In October 2001, Paul Komski posted and set up an executable script on an HTML page, proving that the concept of an undiscovered, untalked-about defect was possible. His was not malware; it was just an example of a defect that nobody was discussing or talking about which could affect every computer in the world before anyone knew. In other words, he downloaded an executable script to the browser as soon as someone entered the web page in their browser. No other activity except browsing was necessary.
In November 2001, Roozbeh Afrasiabi discovered a vulnerability which he referred to as the mk:@MSITStore vulnerability. As noted in his advisory of November 2004, Microsoft failed to respond to his complaint, so he published it to the world.
Around spring 2004, chat rooms had lit up with complaints about the powers of the mk:@MSITStore exploits. On dial-up, it is reported to activate a dial-up connection as soon as the machine is turned on, to switch the homepage, and to alter the Favorites. It is actually possible to have all the privileges of a user with this exploit, including dial-up connecting to the web, opening windows, surfing, etc. The only thing it can’t do is turn the machine on, and that’s not too far-fetched, as the BIOS can be set to activate on dial-in. So in reality the only thing it is really not capable of is unplugging the machine.
Nothing much happened until 6/14/2005, when Symantec published a notice of a Remote Code Execution Vulnerability operating on the mk:@MSITStore function.
Our Expert Genius from Washington said under oath that there was no such exploit, that it couldn’t operate on dial-up, and that Trojans were not used to automate porn delivery. She also testified that these issues were not related to national security. That’s the scientific equivalent of asserting the earth is flat and the pictures of spacewalks and men on the moon were created in Hollywood.
For those who don’t know, this thing has mutated about half a dozen times and, like AIDS, you may be able to hold it at bay for a while, but sooner or later a new Unsuspecting Web Page will reactivate the next generation from the sleeper in the FAT partition.
People have learned to cope with AIDS, so I guess I can learn to deal with the continuous assaults by the GEN-X version of this bad boy.
I don’t know whether to call it a Trojan, malware, or spookware. I don’t really care what I call it. In the local vernacular, Jumbies are devilish spirits that mess with your life. Since Remote Code Execution Vulnerability is clumsy, I’ll just call all this kind of crap Jumbieware.