Full Disclosure mailing list archives
Re: new email virus?
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Mon, 30 Aug 2004 13:20:37 +1200
Charles Heselton wrote: Sorry, missed this earlier...
[textarea id="code" style="display:none;"] [object data="ms-its:%6D%68%74%6D%6C:file://C:\drqwtt.mht!${PATH}/default.chm:: /default.htm" type="text/x-scriptlet"][/object] [/textarea]
<<snip>>
Yeah, looks like a blended spam/malware/IE Redirect type exploit attempt. If the recipient is dumb enough to click on the link they've just opened themselves to something "interesting". ;)
Actually, no. This is one of the many auto-execute exploits on unpatched machines and the nature of the above HTML is such that it does not also produce a clickable link. The "dumbness" in any recipient affected by this would be that they were using an unpatched version of IE (or, had this arrived previous to MS shipping a patch -- it took quite some time for this one to get patched -- the "dumbness" would be that they used IE at all...). Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- new email virus? John Nagro (Aug 25)
- Re: new email virus? Tremaine (Aug 25)
- Re: new email virus? morning_wood (Aug 25)
- Re: new email virus? Charles Heselton (Aug 25)
- Re: new email virus? Nick FitzGerald (Aug 29)
- Re: new email virus? Charles Heselton (Aug 25)
- <Possible follow-ups>
- RE: new email virus? Todd Towles (Aug 25)