McAfee Trojan Notice


ip_guru
10-16-2003, 02:11 PM
Hello, when I connected to the CS.net home page, the popup to install a plug-in came up (which, by the way, I don't think there should be any popups that are trying to get people to install anything. Different issue.)

Anyway, the popup, signed by IE PLUGIN LTD has created a temp file, and McAfee has indicated that the file has the Exploit-CodeBase trojan. This is an embedded code to exploit an IE hole. I did not investigate further to verify that there is not an error in the CS.net homepage, I am assuming there is not.

That leaves the plugin as the source. Please do an independent verification on this. Thanks.

Coming Soon!
10-17-2003, 04:42 PM
I don't think a temp file can do anything... am I wrong Malice?

It's only if you selected 'Yes' to the popup for stuff to download.

ip_guru
10-17-2003, 07:52 PM
Any html code, temp or not temp, has the ability to be malicious. It is possible to embed malicious code in a temp file quite easily.

The issue is if the receiving system has the browser hole that the embedded code is trying to exploit. The browser does not care about the temp issue, that is for the O/S after the temp data has been read by the browser, and to use in the future if need be.

This one functions by embedding a trojan (the codebase) in the html file, then if your system is vulnerable to that, upon viewing the html page, the trojan will trigger.

In this case, I used a test system, and ran through the cycle of banners/popups on the home page several times. Every time that popup was called in the cycle, McAfee went off with the CodeBase trojan. This is a somewhat easy test, as there were no other windows open, only one instance of IE, and the CS.net website.

The only time the security notice came up was when that specific popup was triggered. There is no need to install the app for the security problem to exist, it is before the install can happen.

Just as another check, I ran a third system which uses PC-Cillin, it did not receive any warning message. I'm not sure if it is the PC-Cillin signature file, that system, version of browser, etc...

Second, back to an earlier point, I don't think that popups should be allowed that attempt to install anything. Many people will click yes to nearly everything, or have their system accept automatically, that's dangerous.

If no one has any problems, that's good, but there seems to be an issue there. I'm just trying to bring attention to it. If I had more time, I'd rip the files, and study them, but I just don't have the time for that right now.

HTH...