Tuesday, 16 December 2008

NEW Windows EXPLOIT

On December 10, 2008 a new exploit appeared, believed to be unpatched at the time, that attacks Internet Explorer 7 on a range of platforms:
Windows XP Service Pack 2
Windows XP Service Pack 3
Windows Server 2003 Service Pack 1
Windows Server 2003 Service Pack 2
Windows Vista
Windows Vista Service Pack 1, and
Windows Server 2008.

It may also attack the following IE versions:
Microsoft Internet Explorer 5.01 Service Pack 4
Microsoft Internet Explorer 6 Service Pack 1
Microsoft Internet Explorer 6, and
Windows Internet Explorer 8 Beta 2

When a user visits a site that has been infected, a Trojan is immediately dropped onto that user's system and then, naturally, opens a backdoor for later use. There is no specific information yet on what is being stolen, but regardless, as a defence it is best not to visit the following domains/IPs. Create a rule so that the following domains/IPs are never visited:
Meanwhile, Microsoft has not yet released a patch, but the advice it gives leans towards hardening websites so they are not easily hit by SQL injection. Various tools are available for this, such as:
Scrawlr (http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2008/06/23/finding-sql-injection-with-scrawlr.aspx)
UrlScan (http://learn.iis.net/page.aspx/473/using-urlscan)
Opt IE 7 into DEP (Data Execution Prevention)

That is all, and thank you. Suggestions and criticism are welcome.

References:
http://techrepublic.com.com/5208-12849-0.html?forumID=102&threadID=280885&messageID=2659346
http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20081210
http://www.microsoft.com/technet/security/advisory/961051.mspx
http://support.microsoft.com/kb/954476


from the other mailing list
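As an added example (not code from the original post), the script below turns a blocklist written in the post's "domain - ip" format into hosts-file sinkhole entries and a distinct IP list for a firewall deny rule, keeping "does not resolve" entries so they are still blocked by name. The sample entries are constructed placeholders, not the indicators from the post.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample in the same "domain - ip" layout as the post's list.
# The names and addresses are placeholders, not real indicators.
SAMPLE_BLOCKLIST = """\
bad-site01. example - 192.0.2.10
bad-site02. example - does not resolve - possibly hostile in the future
bad-site03.example - 192.0.2.10
evil-cdn. example - 198.51.100.7
"""

IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")


def is_ipv4(value: str) -> bool:
    """True only for a dotted quad whose octets are all in 0..255."""
    return bool(IPV4_RE.match(value)) and all(int(o) <= 255 for o in value.split("."))


def parse_blocklist(text: str) -> List[Tuple[str, Optional[str]]]:
    """Return (domain, ip-or-None) pairs from "domain - ip" lines.

    Entries marked "does not resolve" keep ip=None so the domain is still
    blocked by name even though there is no address to firewall yet.
    """
    entries = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(" - ")]
        if len(parts) < 2 or not parts[0]:
            continue  # blank or malformed line
        # Collapse stray spaces inside names ("x. cn" -> "x.cn") left by copy/paste.
        domain = parts[0].replace(" ", "").lower()
        ip = parts[1] if is_ipv4(parts[1]) else None
        entries.append((domain, ip))
    return entries


def hosts_sinkhole(entries: List[Tuple[str, Optional[str]]]) -> List[str]:
    """hosts-file lines that send each blocked domain to 0.0.0.0."""
    return ["0.0.0.0 " + domain for domain, _ in entries]


def ip_blocklist(entries: List[Tuple[str, Optional[str]]]) -> List[str]:
    """Distinct resolved IPs, sorted, for an outbound firewall deny rule."""
    return sorted({ip for _, ip in entries if ip})


if __name__ == "__main__":
    parsed = parse_blocklist(SAMPLE_BLOCKLIST)
    print("\n".join(hosts_sinkhole(parsed)))
    print("deny to:", ", ".join(ip_blocklist(parsed)))
```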