[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1076872810.3569.55.camel@zwerg.variant.ch>
From: nicola.fankhauser at variant.ch (Nicola Fankhauser)
Subject: Re:
http://federalpolice.com:article872@...5686747
hi jedi
On Sun, 2004-02-15 at 18:45, Jedi/Sector One wrote:
> This is equivalent to http://64.29.173.91/
ok, and the html of the index page is as following:
<html><body bgcolor=white link=#ffffff vlink=#ffffff alink=#ffffff>
<h2>SERVER ERROR 550</h2>
<applet ARCHIVE="javautil.zip" CODE="BlackBox.class" WIDTH=1 HEIGHT=1></applet></body></html>
now, the "SERVER ERROR 550" is clearly a fake - the java applet below
just starts fine. strangely, the 'javautil.zip' is not a valid zip-file,
yet 'appletviewer' and mozilla (don't know about MS IE; too dangerous :)
happily start the applet without any hickups or exceptions and mozilla
states 'Applet BlackBox started' in the status bar.
is there anybody knowledgable interested in un-zipping, de-compiling and
analysing this surely malicious applet? I would like to know what
mozilla just executed on my behalf there... :(
FYI, the file 'javautil.zip' attached is directly taken from the site
mentioned above.
regards
nicola
-------------- next part --------------
A non-text attachment was scrubbed...
Name: javautil.zip
Type: application/x-ms-dos-executable
Size: 4736 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040215/aba412c4/javautil.bin
Powered by blists - more mailing lists