Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-Disclosure] new email virus?

from [Nick FitzGerald] Network Security [Permanent Link]
Subject: Re: [Full-Disclosure] new email virus?
Date: Mon, 30 Aug 2004 13:20:37 +1200 
Charles Heselton wrote:

Sorry, missed this earlier...


[textarea id="code" style="display:none;"]
   [object
data="&#109;s-its:%6D%68%74%6D%6C:file://C:\drqwtt.mht!${PATH}/default.chm::
/default.htm" type="text/x-scriptlet"][/object]
[/textarea]

<<snip>>

Yeah, looks like a blended spam/malware/IE Redirect type exploit
attempt.  If the recipient is dumb enough to click on the link they've
just opened themselves to something "interesting".  ;)


Actually, no.

This is one of the many auto-execute exploits on unpatched machines and 
the nature of the above HTML is such that it does not also produce a 
clickable link.  The "dumbness" in any recipient affected by this would 
be that they were using an unpatched version of IE (or, had this 
arrived previous to MS shipping a patch -- it took quite some time for 
this one to get patched -- the "dumbness" would be that they used IE at 
all...).


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-Disclosure] write events log to CD?, BillyBobKnob
Next by Date:  Re: [Full-Disclosure] write events log to CD?, VeNoMouS
Previous by Thread:  Re: [Full-Disclosure] new email virus?, Charles Heselton
Next by Thread:  RE: [Full-Disclosure] new email virus?, Todd Towles
Indexes:  [Date] [Thread] [Top] [All Lists]