[Greasemonkey] Removing a trojan script loaded in the documenthead
Geir Aalberg
geir at fandom.no
Tue Jun 13 14:37:39 EDT 2006
on 06/12/2006 01:48 PM Jeremy Dunck said the following:
> On 6/11/06, Bill Donnelly <donnelly at snowcrest.net> wrote:
>> (since it's a loopback to your own computer, I'm pretty sure nothing is
>> being sent anywhere, so it's not a way to trojan, or grab info via
>> spyware,
>> or anything like that -- anyone disagree?)
>
> Once the data was sent to an unknown process, it could go anywhere,
> depending on what that process is. Using a local IP to another
> process is a fine way to escalate privileges.
Correct. Port 1029 is used by some viruses as a backdoor:
http://www.symantec.com/avcenter/venc/data/w32.kipis.a@mm.html.
But in this case the culprit seems to be ZoneAlarm, as already mentioned:
http://howardlewisship.com/blog/2005/05/i-wouldnt-install-google.html
-geir
More information about the Greasemonkey
mailing list