Open Source and information security mailing list archives
From: nicola.fankhauser at variant.ch (Nicola Fankhauser)
Subject: Re: 
 http://federalpolice.com:article872@...5686747

hi jedi

On Sun, 2004-02-15 at 18:45, Jedi/Sector One wrote: 
>   This is equivalent to http://64.29.173.91/

ok, and the html of the index page is as follows:

<html><body bgcolor=white link=#ffffff vlink=#ffffff alink=#ffffff>
<h2>SERVER ERROR 550</h2>
<applet ARCHIVE="javautil.zip" CODE="BlackBox.class" WIDTH=1 HEIGHT=1></applet></body></html>

now, the "SERVER ERROR 550" is clearly a fake - the java applet below
just starts fine. strangely, the 'javautil.zip' is not a valid zip-file,
yet 'appletviewer' and mozilla (don't know about MS IE; too dangerous :)
happily start the applet without any hiccups or exceptions and mozilla
states 'Applet BlackBox started' in the status bar.

is there anybody knowledgeable interested in un-zipping, de-compiling and
analysing this surely malicious applet? I would like to know what
mozilla just executed on my behalf there... :(

FYI, the file 'javautil.zip' attached is directly taken from the site
mentioned above.

regards
nicola
-------------- next part --------------
A non-text attachment was scrubbed...
Name: javautil.zip
Type: application/x-ms-dos-executable
Size: 4736 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040215/aba412c4/javautil.bin
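
A static triage for an archive like the 'javautil.zip' described above, as an added example that is not part of the original post: it names the real container format from its leading bytes rather than its extension and, for a ZIP/JAR, lists members and class-file versions without executing anything. The magic table, function names and sample bytes are constructed assumptions; the post does not say what format the file actually was.

```python
import io
import struct
import zipfile

# Well-known leading magic bytes; the table is illustrative, not exhaustive.
MAGICS = [
    (b"PK\x03\x04", "zip/jar"),
    (b"MSCF", "microsoft cabinet"),
    (b"MZ", "dos/pe executable"),
    (b"\xca\xfe\xba\xbe", "bare java class"),
    (b"\x1f\x8b", "gzip"),
]

def sniff(data: bytes) -> str:
    """Name the format from the leading bytes, ignoring the file extension."""
    for magic, name in MAGICS:
        if data.startswith(magic):
            return name
    return "unknown"

def class_version(blob: bytes):
    """Return (major, minor) of a Java class file header, or None."""
    if len(blob) < 8 or blob[:4] != b"\xca\xfe\xba\xbe":
        return None
    minor, major = struct.unpack(">HH", blob[4:8])
    return major, minor

def triage(data: bytes) -> dict:
    """Describe an applet archive statically; nothing is run or written to disk."""
    report = {"format": sniff(data), "members": []}
    if report["format"] != "zip/jar":
        return report
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                with zf.open(info) as fh:
                    head = fh.read(8)  # only the class header is needed
                report["members"].append(
                    (info.filename, info.file_size, class_version(head)))
    except zipfile.BadZipFile:
        report["format"] = "zip/jar (corrupt)"
    return report

def sample_jar() -> bytes:
    """Constructed sample: a JAR holding one dummy class header (version 45.3)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        body = b"\xca\xfe\xba\xbe" + struct.pack(">HH", 3, 45) + b"\x00" * 8
        zf.writestr("Example.class", body)
    return buf.getvalue()
```

Run `triage()` on the raw bytes of the downloaded file inside an isolated analysis machine; a result other than "zip/jar" explains why ordinary unzip tools reject the file.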
