Vulnerability Development mailing list archives
Re: Bubble Boy Virus Spreading Mechanism
From: hecix () HOTMAIL COM (. Hecix)
Date: Wed, 17 May 2000 07:19:06 GMT
Right, first off, SoupNazi is the same as the other one, but writes the same file to C:\WINDOWS\MENU INICIO\PROGRAMAS\INICIO\UPDATE.HTA. Is this the Spanish version of the Start menu?? The reason why I removed most of it was it was the same, and I thought you only wanted the mechanism. I didn't realize I left one part in that confused people. The code Vandelay.Doc = " **INSERT CODE HERE**" means that that is the place where I removed the virus code. For instance if you just wanted your e-mail virus to write a file that shows an HTML page with a link on it, then you would do this Vandelay.Doc = "<html> <a href=""http://www.microsoft.com""> </html" The double quotes signifing that single quotes will be written to the file. As the .HTA file is written into the startup directory, windows will see it and automatically execute it with MSHTA.exe, which then leads to loads of e-mails being sent out. I presume you don't need this code. It is somewhat like the love bug one. Hope I have answered your questions ________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
Current thread:
- Re: Bubble Boy Virus Spreading Mechanism Maxime Rousseau (May 15)
- <Possible follow-ups>
- Re: Bubble Boy Virus Spreading Mechanism Mr Hecix (May 16)
- Re: Bubble Boy Virus Spreading Mechanism Mr Hecix (May 16)
- Re: Bubble Boy Virus Spreading Mechanism Andrew Leong (May 16)
- Re: Bubble Boy Virus Spreading Mechanism Masial (May 16)
- Re: Bubble Boy Virus Spreading Mechanism . Hecix (May 17)