Re: [Full-Disclosure] Sears Scam Trojan Code
- To: segfault <segfault@nycap.rr.com>
- Subject: Re: [Full-Disclosure] Sears Scam Trojan Code
- From: Jarkko Turkulainen <jt@klake.org>
- Date: Thu, 25 Dec 2003 16:16:31 +0200 (EET)
> being a programmer, I was simply wondering what the content of page.hta
> actually does. I've attached the file as page.txt for anyone who wishes
> to find out; perhaps the results will be interesting. Page.hta can be
> found at http://radnorthgm.com/special/.
The HTA file contains a binary program that seems to be some sort of loader
program. As a first impression, it tries to download something from
cjdra.com via HTTP and run it.
Regards,
--
Jarkko Turkulainen <jt@klake.org>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html