Re: [Full-Disclosure] Sears Scam Trojan Code
From: Jarkko Turkulainen <jt@klake.org>
Date: Thu Dec 25 2003 - 08:16:31 CST
Date: Thu Dec 25 2003 - 08:16:31 CST
> being a programmer, I was simply wondering what the content of page.hta
> actually does. I've attached the file as page.txt for anyone who wishes
> to find out; perhaps the results will be interesting. Page.hta can be
> found at http://radnorthgm.com/special/.
The HTA file contains a binary program that seems to be a some sort loader
program. As a first impression, it tries to download something from
cjdra.com via HTTP and run it.
Regards,
-- Jarkko Turkulainen <jt@klake.org> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.htmlReceived on Thu Dec 25 08:36:57 2003
This archive was generated by hypermail 2.1.8 : Thu Dec 25 2003 - 09:01:01 CST
Custom Search
