[Dshield] Help Needed With Dissection of Exploit

ptds@majordomo.thedacare.org ptds at majordomo.thedacare.org
Wed Aug 10 14:58:32 GMT 2005

On Wed, 10 Aug 2005, Nemo Omen wrote:

> good to refuse. The address is http:/www.asdfgh.org/passwords.html  Don't 
> load this site up unless you are happy to infect your machine or use a non 
> m/s o/s.

hxxp://www.asdfgh.org/page1.htm contains a jscript exploit

hxxp://www.asdfgh.org/page1.htm is an ADODB.Stream exploit which tries to
load Win32/Dumaru.25616!Trojan from http://www.asdfgh.org/pic10.jpg

hxxp://www.asdfgh.org/ itself tries to exploit a "DHTML Edit Control"

I recommend LARTing netblockadmin at yahoo-inc.com since www.asdfgh.org
resolves to a number of p3w8.geo.re2.yahoo.com type addresses.
