Zero Day Defects & mk:@MSITStore

The concept of a zero day defect was first discussed around November 2000. It was described as malware being “out long before anyone knows how it infects, let alone how to fix it. No notice of vulnerability is spread about the skiddie newsgroups, the virus writers aren’t gloating about it and it doesn’t appear on Bugtraq……

In October 2001, Paul Komski posted and set up an executable script on an HTML page, proving that an undiscovered, untalked-about defect was possible. His was not malware; it was just an example of a defect that nobody was discussing or talking about, which could affect every computer in the world before anyone knew. In other words, he downloaded an executable script to the browser as soon as someone opened the web page in their browser. No other activity except browsing was necessary.

In November 2001, Roozbeh Afrasiabi discovered a vulnerability which he referred to as the mk:@MSITStore vulnerability. As noted in his advisory of November 2004, Microsoft failed to respond to his complaint, so he published it to the world.

Around spring 2004, chat rooms had lit up with complaints about the powers of the mk:@MSITStore exploits. On dial-up it is reported to activate a dial-up connection as soon as the machine is turned on, to switch the homepage, and to alter the Favorites. It is actually possible to have all the privileges of a user with this exploit, including dial-up connecting to the web, opening windows, surfing, etc. The only thing it can’t do is turn the machine on, and that’s not too far-fetched, as the BIOS can be set to activate on dial-in. So in reality the only thing it is really not capable of is unplugging the machine.

Nothing much happened until 6/14/2005, when Symantec published a notice of a Remote Code Execution Vulnerability operating on the mk:@MSITStore function.

Our Expert Genius from Washington said under oath that there was no such exploit, that it couldn’t operate on dial-up, and that Trojans were not used to automate porn delivery. She also testified that these issues were not related to national security. That’s the scientific equivalent of asserting the earth is flat and that the pictures of spacewalks and men on the moon were created in Hollywood.

For those who don’t know, this thing has mutated about half a dozen times, and like AIDS, you may be able to hold it at bay for a while, but sooner or later a new unsuspecting web page will reactivate the next generation from the sleeper in the FAT partition.

People have learned to cope with AIDS, so I guess I can learn to deal with the continuous assaults by the GEN-X version of this bad boy.

I don’t know whether to call it a Trojan, malware, or spookware. I don’t really care what I call it. In the local vernacular, Jumbies are devilish spirits that mess with your life. Since Remote Code Execution Vulnerability is clumsy, I’ll just call all this kind of crap Jumbieware.

2 Responses to “Zero Day Defects & mk:@MSITStore”

  1. Bizmaster Says:

    Very interesting. In the middle of my response to Mike E. the power went out in the middle of the post, but I snuck it through. I have four machines that have been trashed while researching this project. I have one almost working but I can’t seem to sign in to fatsavage.wordpress.com to write a new post. Last night I tried to watch TV and found I had no cable signal. Guess I shouldn’t watch the CNN report about the FBI overstepping their powers.

    So now I’ll check to see if I can add comments. Then I’ll recheck my firewall settings to see if it’s me.

    I went to another blog and tried to check in. It responded that my password was incorrect; when I changed it to the correct one it wouldn’t let me in, so I guess it’s not the firewall.

    Bizmaster is the business name for the Fat Savage.

  2. Fat Savage Says:

    For a parallel legal case where a school teacher’s laptop went wild with pop-up porn, check issue 23 of First Line of Defense at Trend Micro. You can reach it by going to their site and putting “First Line of Defense” into their search engine, or trust the link below.

    http://newsletters.trendmicro.com/servlet/website/ResponseForm?mgLEVTTA_TWTV_.40ev.2e_ew_8LlmwkHJmpJLl

    When you click any of the links on issue 23 it will take you to the index of that issue, and you’ll find out how she’s guilty of pushing porn to kiddies and facing 40 years.

    Must be getting spooked about everything. Just remembered something about needing cookies with WordPress, so I’ll check that out. First I’ll see if I can post in my own name.
