This is kind of scary....

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

It seems IE will happily ignore all 0x000 bytes located between other characters, and render the code it separates. Also, most, if not all, antivirus products will not catch this either. It seems this exploit has been around for a long time too. For more info take a look at the following link.

This means all a malware writer has to do to hide his code from both IE and current AV products is to place multiple 0x000 bytes between the characters of his scripts, and IE will run the script while the AV that should catch it does nothing.

http://blog.didierstevens.com/2007/10/23/a000n0000-0000o000l00d00-0i000e000-00t0r0000i0000c000k/

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

thats why I don't use IE

 

This is also one reason I don't use MS products, period. There are a lot of unpatched holes that MS has allowed to exist in all their products, even though they have known about them, for years. This is just one example of this kind of stuff.

 

According to the feedback on that page, FF will also ignore one zero byte, though any more and the page will not render properly. We have no futher information to make valid comparisons regarding how other browsers deal with this specific issue.

 

I was always told IE had lots of holes and using FF would minmise the amount of holes in a browser although I am aware not everything can be 100% but I would take 90 over 80 if you know what I mean.

 

Most AV's will catch the malware if it has only one 0x000 byte between characters though. The major problem is the multiple 0x000 bytes between characters, and IE still being willing to render the code.

 

Don't get me wrong Freddy, I am not saying IE is safe, far from it. I am just saying that we have no reliable info that relates to how other browsers deal with zero Bytes. FF we are told will parse one zero byte without blinking but what about Opera? Safari? etc.

 

I don't really know. But I do know that these browsers were all designed with a lot more thought towards security than IE was.

This is as big a problem for the AV companies as it is for MS in my eyes. They have known about this and done nothing to close it either.

 

I have to yet have a problem in IE. I've been using it since 99.

 

I would rather be safe than sure but I also don'tt like the way IE looks.