I've heard that it is possible that if someone opens your page, it'll automatically download a trojan to their PC.
Is it possible?
buzzons
Oct 23 2003, 06:32 PM
Yes, there are ways. Godwill was one, and there are some exploits that use Local Zone and stuff. But most have been patched.
misk
Oct 23 2003, 10:14 PM
Can you please explain it? Or any help doc?
qroject
Oct 24 2003, 08:07 PM
Yeah, there is always the new object IE vuln, which allows an attacker to run a VBS script on your machine without you knowing, well, if you have an unupdated IE.
jaxgough
Nov 30 2003, 03:29 AM
Another one is that Autoproxy Trojan, also called Coreflood. It is so cool: it hides in a bit of JavaScript, uses MS03-011 I think to download a couple of files including Stop.bat, does its thing, downloads another file, mods the registry and deletes the original files, leaving only an exe and a dll.
AV does not pick it up 100% of the time, but nearly all the time.
Jax
Flowby
Nov 30 2003, 03:43 AM
And where to get that progy????
jaxgough
Nov 30 2003, 04:02 AM
Sorry, you could have just googled for it, but to make your life easier, here is the link.
I know the words trust and Microsoft should never be seen together, but it really is OK, and even though it does not say ZoneAlarm Pro, it is, trust me (if you want).
Jax
akis
Dec 6 2003, 02:05 PM
It's very easy to be infected after you visit a web page. Usually it downloads some code on your hard disk and after that, the code (usually a vbs) is downloading the server of a trojan or anything that the attacker wants to (logger and many others) and of course executes it on your PC... so you are infected, as simple as that!
sub0
Dec 6 2003, 03:07 PM
QUOTE (misk @ Oct 23 2003, 07:07 PM)
hello,
I've heard that it is possible that if someone opens your page, it'll automatically download a trojan to their PC.
yah they usually encode exes in a web page then open them with vbs.
Trojan^kid
Jan 11 2004, 05:38 AM
Use a server of a web downloader to download the trojan, only 3 or 6 KB.
Faceless Master
Jan 11 2004, 10:48 AM
I made a tool called IH Infector that did the same thing but that's now obsolete. Anyhow have a google @ data object vulnerability exploit. Regards ~Faceless Master
zero-maitimax
Jan 12 2004, 10:18 AM
QUOTE (Faceless Master @ Jan 11 2004, 10:48 AM)
I made a tool called IH Infector that did the same thing but that's now obsolete. Anyhow have a google @ data object vulnerability exploit. Regards ~Faceless Master
sorry to say but when you released that program it was very buggy..
didn't got only errors
zero-maitimax
Jan 12 2004, 10:22 AM
QUOTE (misk @ Oct 23 2003, 06:07 PM)
hello,
I've heard that it is possible that if someone opens your page, it'll automatically download a trojan to their PC.
Is it possible?
yeah that is possible, i think about every exploit that is in IE
search for exploit, object and ie
goodwill is one of the early tools that made an exe file in MIME (base64) and put it in an html file..
but the only problem was the victim closed the html file before he downloaded the trojan..
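Added example, not part of any post in this thread: a defender-side scan for the technique mentioned above, an executable stored as MIME base64 inside an HTML file. It looks for base64 runs that decode to a Windows PE image; the function names and the sample page are constructed for illustration.

```python
import base64
import re
import struct

# A run of base64 text (16+ groups of 4), allowing MIME line wrapping.
B64_RUN = re.compile(
    r"(?<![A-Za-z0-9+/=])(?:[A-Za-z0-9+/]{4}[\r\n]*){16,}"
    r"(?:[A-Za-z0-9+/]{2,3}={1,2})?"
)

def looks_like_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def find_embedded_executables(page: str):
    """Return (offset, decoded_size) for each base64 run that decodes to a PE image."""
    hits = []
    for match in B64_RUN.finditer(page):
        text = re.sub(r"[\r\n=]", "", match.group(0))
        text += "=" * (-len(text) % 4)  # restore padding after unwrapping
        try:
            decoded = base64.b64decode(text)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if looks_like_pe(decoded):
            hits.append((match.start(), len(decoded)))
    return hits

# Constructed sample: a 68-byte stub carrying only the MZ/PE markers (not a
# working program) plus a harmless base64 blob that must not be flagged.
_STUB = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
_DECOY = base64.b64encode(b"plain text, not an executable. " * 3).decode("ascii")
SAMPLE_PAGE = (
    "<html><body>\n<pre>" + _DECOY + "</pre>\n"
    "<!-- Content-Transfer-Encoding: base64 -->\n"
    + base64.encodebytes(_STUB).decode("ascii")
    + "</body></html>\n"
)

if __name__ == "__main__":
    for offset, size in find_embedded_executables(SAMPLE_PAGE):
        print(f"embedded PE image at offset {offset}, {size} bytes decoded")
```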
Faceless Master
Jan 12 2004, 05:05 PM
QUOTE (zero-maitimax @ Jan 12 2004, 10:18 AM)
QUOTE (Faceless Master @ Jan 11 2004, 10:48 AM)
I made a tool called IH Infector that did the same thing but that's now obsolete. Anyhow have a google @ data object vulnerability exploit. Regards ~Faceless Master P.S Have a look @ this
sorry to say but when you released that program it was very buggy..
There's a tiny program called exe2html, though I'm afraid it's based on the same IE vulnerability IH was, so maybe it's also obsolete.
They also try to spoof the extension of the files, making them appear html while they are exe/cmd files (they just rename the autodownload link to http://nameoofthefile.exe?.html or whatever the extension they pretend it to have).
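Added example, not part of any post in this thread: a check a mail or proxy filter could run for the extension spoofing described above, where the path names an exe/cmd file but the query or fragment makes the link appear to end in .html. The extension lists, function names and sample markup are constructed, and the sample puts the file name in the URL path rather than the host position used in the post's schematic.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXECUTABLE_EXTS = {".exe", ".cmd", ".bat", ".scr", ".pif", ".vbs"}
DOCUMENT_EXTS = {".html", ".htm", ".txt", ".jpg", ".gif"}

def _ext(text: str) -> str:
    """Lower-cased extension of the last '/'-separated segment, or ''."""
    segment = text.rsplit("/", 1)[-1]
    dot = segment.rfind(".")
    return segment[dot:].lower() if dot != -1 else ""

def spoofed_extension(url: str):
    """Return (real_ext, shown_ext) when the path is an executable but the
    query or fragment makes the URL appear to end in a document type."""
    parts = urlsplit(url)
    real = _ext(parts.path)
    shown = _ext(parts.fragment or parts.query)
    if real in EXECUTABLE_EXTS and shown in DOCUMENT_EXTS:
        return real, shown
    return None

class LinkCollector(HTMLParser):
    """Collects every href/src/data attribute value in a page."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "data") and value:
                self.urls.append(value)

def scan_page(html: str):
    """Return (url, real_ext, shown_ext) for each spoofed link in the page."""
    collector = LinkCollector()
    collector.feed(html)
    return [(u, *hit) for u in collector.urls if (hit := spoofed_extension(u))]

# Constructed sample markup; files.example is a placeholder host.
SAMPLE_HTML = """
<a href="http://files.example/update.exe?.html">Release notes</a>
<a href="http://files.example/notes.html">Real notes</a>
<iframe src="http://files.example/run.cmd#readme.txt"></iframe>
<a href="http://files.example/setup.exe">Honest download</a>
"""

if __name__ == "__main__":
    for url, real, shown in scan_page(SAMPLE_HTML):
        print(f"{url}: looks like {shown}, is {real}")
```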
zero-maitimax
Jan 13 2004, 09:16 AM
QUOTE (Faceless Master @ Jan 12 2004, 05:05 PM)
QUOTE (zero-maitimax @ Jan 12 2004, 10:18 AM)
QUOTE (Faceless Master @ Jan 11 2004, 10:48 AM)
I made a tool called IH Infector that did the same thing but that's now obsolete. Anyhow have a google @ data object vulnerability exploit. Regards ~Faceless Master P.S Have a look @ this
sorry to say but when you released that program it was very buggy..
yeah it was a time ago, too bad erdem stopped, do you know why??
seen the posting.. well i think it's lame to spoof a url.. it is nice that isn't it but now everybody knows it
Spookie
Jan 13 2004, 10:25 PM
Does anyone know of a site that keeps records on worms? Like when they were released, etc., other than, say, what the AV products have on their sites or the D.O. site.
If anyone is interested, I have a little html web page that I found that exploits something like this. I put it in a .rar file and attached it. To unrar it, get WinRAR from RARLabs.com. Basically, you just open this little bugger up in a browser, click yes to tell it it's OK to use ActiveX and there it goes. It makes use of VBScript and WScript. I make no claims as to what this file does. As far as I can tell, it creates a file called maleware.exe that it then opens to run a cool little animation. I thought it was pretty cool, but I would suggest reading the code in Notepad before you run it just to make sure it's not doing anything else. I used it on a system I don't care about, so it didn't matter to me.
It makes use of MS03-032 I believe. Check it out!
TECHgenius
Feb 9 2004, 11:26 AM
You can use the Zephyrus exploit (a Windows Media Player exploit). When your browser opens the webpage, WMP will automatically download the file and execute it!