hello,

I've heard that it is poosible as if someone opens ur page, it'll automatically download trojan in it's PC.

Is it possible ?

yes.. there are ways. Godwill was one, and there are some exploits that use Local Zone and stuff. But most have been patched

can u plz explaiN it ?
or any help doc. ?

yeah there is always the new object ie vuln which allows an attacker to run a vbs script on your machine without you knowing well if ya have an unupdated ie

Another one is that Autoproxy. Trojan also called Coreflood, it is so cool, hides in a bit of javascript uses ms03-011 I thinks to download a couple of files inc Stop.bat does it thing downloads another file mods the registry and deletes the orignal files leaving only an exe and a dll.

AV does not pick it up 100% of the time, but nearly all the time.

Jax

And where to get that progy????

Sorry, you could have just googled for it, but to make your like easier, here is the link.

http://www.my-etrust.com/microsoft/

I know the word trust and microsoft should never be seen together but it really is ok, and even though it does not say ZoneAlarm Pro it is trust me (if you want)

Jax

it's very easy after you visit a web page to be infected.Usually it downloads some code on your hard disk and after that,the code(usually a vbs)is downloading the server of a trojan or anything tha attacker wants to(logger and many others) and ofcourse execute it on your pc...so you are infected as simple as that!

it is very good idea
i search for it before

yah they usually encode exes in a web page then open them with vbs.

use aserver of aweb downloader to download the trojan only 3 or 6 KB

I made a tool called IH Infector that did the same thing but thats now obslete.
Anyhow have a google @
data object vurnebility exploit.
Regards
~Faceless Master

There's a tiny program called exe2html, though I'm affraid it's based in the same ie vulnerability IH was, so maybe it's also obsolete.

They also try to spoof the extension of the files making them appear html while they are exe/cmd files (they just rename the autodownload link to http://nameoofthefile.exe?.html or whateve the extension they pretend it to have)

Does anyone know of a site that keeps records on worms? Like when the were released, etc other then say what the AV products have on there sites or the D.O. site

Thanks in advance


Disregard found it.

Year of The Worm

If anyone is interested, I have a little html web page that I found that exploits something like this. I put it in a .rar file and attached it. To un rar it, get WinRAR from RARLabs.com. Basically, you just open this little bugger up in a browser, click yes to tell it its ok to use ActiveX and there it goes. It makes use of VBScript and WScript. I make no claims as to what this file does. As far as I can tell, it creates a file called maleware.exe that it then opens to run a cool little animation. I thought it was pretty cool, but I would suggest reading the code in notepad before you run it just to make sure its not doing anything else. I used it on a system I don't care about, so it didn't matter to me.

It makes use of MS03-032 I believe. Check it out!

You can use Zephyrus exploit. (Windows Media Player exploit). When your browser open the webpage, WMP will automaticly download the file and execute it!

Check this out.
http://www.malware.com/gulp.html
another IE exploit!

new IE exploit is that you need, you can write files to victims computer