Bugtraq mailing list archives
Re: Self-Executing FOLDERS: Windows XP Explorer Part V
From: "mightye[removethis]" <"mightye[removethis]"@mightye.org>
Date: Mon, 26 Jan 2004 12:54:56 -0500
I get the following dialogue box on: + Windows XP SP1,+ IE 6.0.2800.1106.xpsp2.030422-1633, Updates: SP1; Q822925; Q330994; Q828750; Q825145
"Your current security settings prohibit running ActiveX controls on this page. As a result, the page may not display correctly."
The site shows as being in My Computer zone. Since I can't change those settings, my security settings for Internet are:
Download signed ActiveX controls: Prompt Download unsigned ActiveX controls: Disable Initialize and script ActiveX controls not marked as safe: Disable Run ActiveX controls and plugins: Enable Script ActiveX controls marked safe for scripting: EnableInternet Explorer / Windows Explorer (which ever it thinks it is) shows, "Installing components...My%20Pics.folder!malware.exe" in the status bar at the end of execution, though the exe was never run unless it was designed to look like a regular IE dialogue.
-Eric "MightyE" Stevens http://lotgd.net To reply to me, please remove "[removethis]" from my email address. http-equiv () excite com wrote:
Sunday, January 25, 2004The following file is a 'folder' comprising both scripting and an executable [*.exe]. We inject scripting and an executable into the 'folder' which is designed to point back to the executable in the 'folder' and execute it. Provided the 'folder' is an html file, Windows XP Explorer will execute it. Because it is an 'folder' proper, Windows Explorer opens it. The scripting inside is then parsed and fired. That scripting is pointing back to the same executable file and because it is a self-executing 'folder', it executes ! Fully self-contained harmless *.exe. Windows XP only:http://www.malware.com/my.pics.zip Be aware of 'folders' out there.
Current thread:
- Self-Executing FOLDERS: Windows XP Explorer Part V http-equiv () excite com (Jan 26)
- Re: Self-Executing FOLDERS: Windows XP Explorer Part V mightye[removethis] (Jan 26)
- <Possible follow-ups>
- RE: Self-Executing FOLDERS: Windows XP Explorer Part V Thor Larholm (Jan 26)
- Re: Self-Executing FOLDERS: Windows XP Explorer Part V Jelmer (Jan 27)
- Re: Self-Executing FOLDERS: Windows XP Explorer Part V Liu Die Yu (Jan 27)