Comments on: Revisiting the Eleonore Exploit Kit http://krebsonsecurity.com/2010/05/revisiting-the-eleonore-exploit-kit/ In-depth security news and investigation Wed, 23 May 2012 21:31:36 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: JCitizen http://krebsonsecurity.com/2010/05/revisiting-the-eleonore-exploit-kit/comment-page-1/#comment-6140 JCitizen Tue, 25 May 2010 22:16:12 +0000 http://krebsonsecurity.com/?p=3176#comment-6140 I agree TJ; Most of the FF users I know make it a habit to "approve all on page" using the NoScript control wide open. With that set that way there is less advantage on page protection, unless they are at least using ABP. I agree TJ;

Most of the FF users I know make it a habit to “approve all on page” using the NoScript control wide open.

With that set that way there is less advantage on page protection, unless they are at least using ABP.

Like or Dislike: Thumb up 0 Thumb down 1
]]> By: JCitizen http://krebsonsecurity.com/2010/05/revisiting-the-eleonore-exploit-kit/comment-page-1/#comment-6139 JCitizen Tue, 25 May 2010 22:00:11 +0000 http://krebsonsecurity.com/?p=3176#comment-6139 Yes of course, any version including and after version 3.2.1.0401 is secure, even if it is not the latest version. That is probably why it is not flagging it. I guess I just assumed folks could read between the lines; I digress. Yes of course, any version including and after version 3.2.1.0401 is secure, even if it is not the latest version.

That is probably why it is not flagging it. I guess I just assumed folks could read between the lines; I digress.

Like or Dislike: Thumb up 0 Thumb down 0
]]> By: Bart http://krebsonsecurity.com/2010/05/revisiting-the-eleonore-exploit-kit/comment-page-1/#comment-6136 Bart Tue, 25 May 2010 20:41:27 +0000 http://krebsonsecurity.com/?p=3176#comment-6136 I was just saying that Secunia did not flag my 3.2.1 version on their weekly scans. I was just saying that Secunia did not flag my 3.2.1 version on their weekly scans.

Like or Dislike: Thumb up 1 Thumb down 0
]]> By: JCitizen http://krebsonsecurity.com/2010/05/revisiting-the-eleonore-exploit-kit/comment-page-1/#comment-6108 JCitizen Tue, 25 May 2010 14:54:58 +0000 http://krebsonsecurity.com/?p=3176#comment-6108 Yes, Wladimir, of course. Thank you! Yes, Wladimir, of course. Thank you!

Like or Dislike: Thumb up 0 Thumb down 0
]]> By: BrianKrebs http://krebsonsecurity.com/2010/05/revisiting-the-eleonore-exploit-kit/comment-page-1/#comment-6099 BrianKrebs Tue, 25 May 2010 14:02:17 +0000 http://krebsonsecurity.com/?p=3176#comment-6099 Haha. Yes, and 197 people surfing porn with their iPhones!

Haha. Yes, and 197 people surfing porn with their iPhones!

Well-loved. Like or Dislike: Thumb up 7 Thumb down 0
]]> By: gregory http://krebsonsecurity.com/2010/05/revisiting-the-eleonore-exploit-kit/comment-page-1/#comment-6081 gregory Tue, 25 May 2010 10:26:29 +0000 http://krebsonsecurity.com/?p=3176#comment-6081 I'm also using Safari on Windows, though I generally use a different browser when accessing adult sites (therefore I'm probably not one of the six in the statistics) :) I’m also using Safari on Windows, though I generally use a different browser when accessing adult sites (therefore I’m probably not one of the six in the statistics) :)

Like or Dislike: Thumb up 1 Thumb down 0
]]> By: CyberNorris http://krebsonsecurity.com/2010/05/revisiting-the-eleonore-exploit-kit/comment-page-1/#comment-6079 CyberNorris Tue, 25 May 2010 09:07:53 +0000 http://krebsonsecurity.com/?p=3176#comment-6079 Hey look... there are six people running Safari on Windows! Hey look… there are six people running Safari on Windows!

Like or Dislike: Thumb up 2 Thumb down 2
]]> By: TJ http://krebsonsecurity.com/2010/05/revisiting-the-eleonore-exploit-kit/comment-page-1/#comment-6077 TJ Tue, 25 May 2010 08:28:00 +0000 http://krebsonsecurity.com/?p=3176#comment-6077 According Net Applications, MSIE's world market share is 59%. In this sample, MSIE accounted for just 47% of the total traffic. That means IE's traffic was actually under-represented compared to its world market share, yet (if you believe the Firefox numbers) it still accounted for a stunning 94.6 of the successful loads . That said, I agree with Brian's statement..."it seems highly unlikely that all of the nearly 5,600 Firefox users who visited the exploit sites detailed here escaped unscathed." According Net Applications, MSIE’s world market share is 59%. In this sample, MSIE accounted for just 47% of the total traffic. That means IE’s traffic was actually under-represented compared to its world market share, yet (if you believe the Firefox numbers) it still accounted for a stunning 94.6 of the successful loads .

That said, I agree with Brian’s statement…”it seems highly unlikely that all of the nearly 5,600 Firefox users who visited the exploit sites detailed here escaped unscathed.”

Like or Dislike: Thumb up 2 Thumb down 1
]]> By: Wladimir Palant http://krebsonsecurity.com/2010/05/revisiting-the-eleonore-exploit-kit/comment-page-1/#comment-6074 Wladimir Palant Tue, 25 May 2010 06:51:59 +0000 http://krebsonsecurity.com/?p=3176#comment-6074 Yes, the Firefox stats remain puzzling. Your guess that "these kits are detecting Firefox visitors as users of some other browser" isn't really likely - Firefox visit numbers make total sense. Maybe the exploit kit can correctly recognize Firefox visits but not infections through Firefox. But given that for the latter the browser is probably not used at all I cannot see how this can be. Btw, thank you for this Foxit hint - for some reason Foxit didn't notify me about an update yet. Yes, the Firefox stats remain puzzling. Your guess that “these kits are detecting Firefox visitors as users of some other browser” isn’t really likely – Firefox visit numbers make total sense. Maybe the exploit kit can correctly recognize Firefox visits but not infections through Firefox. But given that for the latter the browser is probably not used at all I cannot see how this can be.

Btw, thank you for this Foxit hint – for some reason Foxit didn’t notify me about an update yet.

Like or Dislike: Thumb up 2 Thumb down 0
]]> By: Wladimir Palant http://krebsonsecurity.com/2010/05/revisiting-the-eleonore-exploit-kit/comment-page-1/#comment-6073 Wladimir Palant Tue, 25 May 2010 06:42:32 +0000 http://krebsonsecurity.com/?p=3176#comment-6073 Secunia PSI will only show you updates that are known to fix a vulnerability - if you installed version isn't "dangerous" it won't complain. Secunia PSI will only show you updates that are known to fix a vulnerability – if you installed version isn’t “dangerous” it won’t complain.

Like or Dislike: Thumb up 2 Thumb down 0
]]>