Full Disclosure mailing list archives
Re: Sears Scam Trojan Code
From: Jarkko Turkulainen <jt () klake org>
Date: Thu, 25 Dec 2003 16:16:31 +0200 (EET)
being a programmer, I was simply wondering what the content of page.hta actually does. I've attached the file as page.txt for anyone who wishes to find out; perhaps the results will be interesting. Page.hta can be found at http://radnorthgm.com/special/.
The HTA file contains a binary program that seems to be some sort of loader program. As a first impression, it tries to download something from cjdra.com via HTTP and run it.

Regards,
--
Jarkko Turkulainen <jt () klake org>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html