[Dshield] Help Needed With Dissection of Exploit

Paul Marsh pmarsh at nmefdn.org
Wed Aug 10 18:13:56 GMT 2005


	Thanks for the reminder about a details in "Follow the Bouncing
Malware".  I tried your idea on a little nasty I've got but I'm running
into problems. It's having issues creating the ActiveXObject.  IE
reports "Automation server can't create object"  I'm not a coder so I'm
sure I'm screwing something up.  I'd like to find out what this thing is
trying to do, any pointers would be much appreciated.

Thanx, Paul 

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Tom Liston
Sent: Wednesday, August 10, 2005 12:05 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Help Needed With Dissection of Exploit

Hash: RIPEMD160

Nemo Omen wrote:
> I became aware of a new piece of spam last week. It tells me I can get

> bank account passwords and transfer some money into my account too. A
> deal too good to refuse. The address is
> http:/www.asdfgh.org/passwords.html  Don't load this site up unless
> you are happy to infect your machine or use a non m/s o/s.


In one of my "Follow the Bouncing Malware" articles, I outlined a method
of quickly decoding stuff like this by allowing the malicious code
itself to do the work for you:



- -TL
Version: GnuPG v1.4.1 (MingW32)


send all posts to list at lists.dshield.org To change your subscription
options (or unsubscribe), see:

The information in this transmittal (including attachments, if any) is privileged and confidential and is intended only for the recipient(s) listed above. Any review, use, disclosure, distribution or copying of this transmittal is prohibited except by or on behalf of the intended recipient. If you have received this transmittal in error, please notify me immediately by reply email and destroy all copies of the transmittal. Thank you.

More information about the list mailing list