Vulnerability Development mailing list archives
Re: Opportunist?
From: george_gales () NON HP COM (GALES,SIMON (Non-A-ColSprings,ex1))
Date: Fri, 5 May 2000 07:04:27 -0600
I took a quick look at it, and was wondering just what it was doing fiddling in the MAPI address books... does the ILU worm write to the address book(s)? This script/batchfile only cleans up .vbs files, but I seem to remember someone mentioning overwritten .js/.mp3 files among others? Or is it just my end-of-week fogginess? BB, did you see something specific that we're missing? Or perhaps the author has ... fixed some ... bugs? -Simon george_gales () non hp com -----Original Message----- From: Dag-Erling Smorgrav [mailto:des () FLOOD PING UIO NO] Sent: Friday, May 05, 2000 6:52 AM To: VULN-DEV () SECURITYFOCUS COM Subject: Re: Opportunist? Blue Boar <BlueBoar () THIEVCO COM> writes:
I'll be the first to admit that I'm not much of a VBScript coder, but the code as the URL below looks a little suspicious to me. Perhaps I'm just being paranoid today.
I'm not a VBScript ace either, but the code looks kosher to me. It deletes the registry entries created by LOVELETTER, then searches for and deletes .VBS files. DES -- Dag-Erling Smorgrav - des () flood ping uio no
Current thread:
- Re: Opportunist? Dag-Erling Smorgrav (May 05)
- <Possible follow-ups>
- Re: Opportunist? GALES,SIMON (Non-A-ColSprings,ex1) (May 05)
- Re: Opportunist? Dag-Erling Smorgrav (May 05)
- Re: Opportunist? Dag-Erling Smorgrav (May 07)