[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV

Hi All

Can anyone out there clear the FUD and speak to the less Web Savvy (like me) - 
I set up up a quarantine system (although still with Internet connectivity) to 
run the exe-cute-html but this didn't 'appear' to do anything other than 
display the "JUNKWARE" text.

i.e. I downloaded the zip and extracted the html and then I double-clicked on 
the html file so that IE(5.5) would run it.

So I presume it would be running the html from the MyComputer zone - but I 
didn't get a dialog box or anything.

I'm mostly interested in whether this is a big risk to the company. I'm willing 
to believe that users can be fooled into downloading html and opening it 
locally (e.g. if they think that they are downloading a useful report), but 
then, they can probably be fooled into downloading an exe and running it... So 
am I simply looking at continued Security Awareness briefings (or more 
draconian download restrictions) or is there a greater exposure that I'm 
missing. 

I may have missed earlier parts of this thread so I hope I'm not going over old 
ground.

Regards

Bis



> From: "morning_wood" <se_cur_ity@hotmail.com>

> To: <full-disclosure@lists.netsys.com>

> Subject: Re: [Full-Disclosure] Self-Executing HTML: Internet Explorer 5.5 and 
> 6.0 Part IV

> Date: Fri, 2 Jan 2004 11:56:29 -0800

> 

> > On Thu, 1 Jan 2004 22:41:35 -0000 "http-equiv@excite.com" wrote:

> > [snip]

> > > Fully self-contained harmless *.exe:

> > >

> > > http://www.malware.com/exe-cute-html.zip

> > [snip]

> >

> > This doesn't look like self-executing HTML - anyway.

> >

> 

> Gives dialog box to open or save a "blabla.hta" and no, it 

> does not self-execute

> even under

> low security settings. try again Jelmer?

> 

> 

> 



---------------------------------
  Yahoo! Messenger - Communicate instantly..."Ping" your friends today! 
Download Messenger Now