Re: [Full-Disclosure] IE Object Type Validation Vulnerability Exploit

[Cael Abal <lists@xxxxxxxxxx>]

> http://morningwood.ethicsdesign.com/fucked4test.html
> id that... who cares if its a trojan, you surely didnt think it was
> benign??? i didnt click it knowing it was a <object tag exploit.. or try a
> HEAD on the link first.. or even
> nc -vv someurl.isp/link.html
>
> *sigh*

If I didn't know better I might think you presented that link maliciously.

As for your criticism, I believe you misunderstood.  I wasn't warning
folks the script was malicious.  For anyone interested, I simply
*identified* the executable which was MakeVBSed into the .vbs file
Andreas posted to the list.  Symantec calls it 'Download.Trojan'.

Here's that link again:

http://www.symantec.com/avcenter/venc/data/download.trojan.html

If you're unfamiliar with MakeVBS, you can learn more here:

http://rattlesnake.at.box.sk/newsread.php?newsid=7

Cheers,

Cael

---

> ----- Original Message -----
> From: "Cael Abal" <lists@xxxxxxxxxx>
> To: <full-disclosure@xxxxxxxxxxxxxxxx>
> Sent: Tuesday, September 16, 2003 7:03 PM
> Subject: Re: [Full-Disclosure] IE Object Type Validation Vulnerability
> Exploit


> > > Decrypted (undo VBS.Encode) it is the following:
> > > Andreas
> >
> > Hi Andreas,
> >
> > The 'x.exe' created by this script is reported by Symantec as
> > 'Download.Trojan':
> >
> > http://www.symantec.com/avcenter/venc/data/download.trojan.html
> >
> > Cael


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html