[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0

To: "Feher Tamas" <etomcat@freemail.hu>, <full-disclosure@lists.netsys.com>
Subject: Re: [Full-Disclosure] POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0
From: "Knud Erik Hojgaard" <knud@skodliv.dk>
Date: Tue, 11 Nov 2003 18:38:36 +0100

Feher Tamas wrote:
> Hello,
>
>> Fully self-contained harmless *.exe:
>> CAUTION: back up notepad.exe before opening
>> http://www.malware.com/self-exec.zip
>
> Kaspersky Antivirus says:
> TrojanDropper.VBS.Inor.i
>
> I wouldn't call this malware harmless. Please remove it!

Who cares what av-vendors say about certain files? A certain crappy
antivirus solution will most likely flag this email as some sort of virus
because of this string:
$freebsd_string = $nop x $len . $ret x 2 . $nop x 1000 . $shellcode;
..at least it works if people use mirc and have logging enabled. crappy.

--
kokanin

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0
  - From: Feher Tamas <etomcat@freemail.hu>

Prev by Date: RE: [Full-Disclosure] pc-anywhere (version 9.2) - telnet kills service
Next by Date: Re: [Full-Disclosure] Windows 2000 Logout events are not monitored!
Previous by thread: Re: [Full-Disclosure] POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0
Next by thread: RE: [Full-Disclosure] POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0
Index(es):
- Date
- Thread