Bugtraq mailing list archives

Re: Self-Executing FOLDERS: Windows XP Explorer Part V


From: "mightye[removethis]" <"mightye[removethis]"@mightye.org>
Date: Mon, 26 Jan 2004 12:54:56 -0500

I get the following dialogue box on:
+ Windows XP SP1,
+ IE 6.0.2800.1106.xpsp2.030422-1633, Updates: SP1; Q822925; Q330994; Q828750; Q825145

"Your current security settings prohibit running ActiveX controls on this page. As a result, the page may not display correctly."

The site shows as being in My Computer zone. Since I can't change those settings, my security settings for Internet are:
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disable
Initialize and script ActiveX controls not marked as safe: Disable
Run ActiveX controls and plugins: Enable
Script ActiveX controls marked safe for scripting: Enable

Internet Explorer / Windows Explorer (whichever it thinks it is) shows, "Installing components...My%20Pics.folder!malware.exe" in the status bar at the end of execution, though the exe was never run unless it was designed to look like a regular IE dialogue.

-Eric "MightyE" Stevens
http://lotgd.net
To reply to me, please remove "[removethis]" from my email address.

http-equiv () excite com wrote:

Sunday, January 25, 2004

The following file is a 'folder' comprising both scripting and an executable [*.exe]. We inject scripting and an executable into the 'folder' which is designed to point back to the executable in the 'folder' and execute it. Provided the 'folder' is an html file, Windows XP Explorer will execute it. Because it is a 'folder' proper, Windows Explorer opens it. The scripting inside is then parsed and fired. That scripting is pointing back to the same executable file and because it is a self-executing 'folder', it executes! Fully self-contained harmless *.exe. Windows XP only:

http://www.malware.com/my.pics.zip


Be aware of 'folders' out there.
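
A defensive triage check for the kind of archive described above, as an added example that is not part of the original posts: it lists ZIP entries that are files (not directories) named `*.folder` and records whether they contain HTML or script markup. The marker list, function names and sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumption: byte markers suggesting HTML/script content (not from the original post).
HTML_MARKERS = (b"<html", b"<script", b"<object")
READ_LIMIT = 1_000_000  # inspect at most 1 MB of each entry


def scan_zip_for_folder_files(data: bytes) -> list:
    """Flag archive entries that are files named *.folder rather than directories."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Windows ignores trailing dots and spaces in names, so strip them first.
            name = info.filename.rstrip(". ").lower()
            if info.is_dir() or not name.endswith(".folder"):
                continue
            with zf.open(info) as fh:
                head = fh.read(READ_LIMIT).lower()
            markers = [m.decode() for m in HTML_MARKERS if m in head]
            findings.append({
                "name": info.filename,
                "size": info.file_size,
                "markers": markers,
                "suspicious": bool(markers),
            })
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive; the contents are harmless placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("My Pics.folder", "<html><script>/* placeholder */</script></html>")
        zf.writestr("holiday.folder/", "")          # a real directory entry: ignored
        zf.writestr("notes.txt", "plain text")      # unrelated file: ignored
        zf.writestr("Empty.FOLDER", "no markup")    # file named .folder, no markup
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip_for_folder_files(build_sample_zip()):
        print(finding)
```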




