lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 26 Jan 2004 12:54:56 -0500
From: "mightye[removethis]" <"mightye[removethis]"@mightye.org>
To: 1@...ware.com
Cc: bugtraq@...urityfocus.com, NTBugtraq@...tserv.ntbugtraq.com
Subject: Re: Self-Executing FOLDERS: Windows XP Explorer Part V


I get the following dialogue box on:
+ Windows XP SP1,
+ IE 6.0.2800.1106.xpsp2.030422-1633, Updates: SP1; Q822925; Q330994; 
Q828750; Q825145

"Your current security settings prohibit running ActiveX controls on 
this page.  As a result, the page may not display correctly."

The site shows as being in My Computer zone.  Since I can't change those 
settings, my security settings for Internet are:
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disable
Initialize and script ActiveX controls not marked as safe: Disable
Run ActiveX controls and plugins: Enable
Script ActiveX controls marked safe for scripting: Enable

Internet Explorer / Windows Explorer (which ever it thinks it is) shows, 
"Installing components...My%20Pics.folder!malware.exe" in the status bar 
at the end of execution, though the exe was never run unless it was 
designed to look like a regular IE dialogue.

-Eric "MightyE" Stevens
http://lotgd.net
To reply to me, please remove "[removethis]" from my email address.

http-equiv@...ite.com wrote:

>Sunday, January 25, 2004 
>
>
>The following file is a 'folder' comprising both scripting and 
>an executable [*.exe]. 
>
>We inject scripting and an executable into the 'folder' which is 
>designed to point back to the executable in the 'folder' and 
>execute it. Provided the 'folder' is an html file, Windows XP 
>Explorer will execute it. 
>
>Because it is an 'folder' proper, Windows Explorer opens it. The 
>scripting inside is then parsed and fired. That scripting is 
>pointing back to the same executable file and because it is a 
>self-executing 'folder',  it executes ! 
>
>Fully self-contained harmless *.exe. 
>
>Windows XP only: 
>
>
>http://www.malware.com/my.pics.zip
>
>
>Be aware of 'folders' out there.
>
>
>
>  
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ