[Dshield] Help Needed With Dissection of Exploit
ptds at majordomo.thedacare.org
Wed Aug 10 14:58:32 GMT 2005
On Wed, 10 Aug 2005, Nemo Omen wrote:
> good to refuse. The address is http:/www.asdfgh.org/passwords.html Don't
> load this site up unless you are happy to infect your machine or use a non
> m/s o/s.
hxxp://www.asdfgh.org/page1.htm contains a jscript exploit

hxxp://www.asdfgh.org/page1.htm is an ADODB.Stream exploit which tries to
load Win32/Dumaru.25616!Trojan from http://www.asdfgh.org/pic10.jpg

hxxp://www.asdfgh.org/ itself tries to exploit a "DHTML Edit Control"

I recommend LARTing netblockadmin at yahoo-inc.com since www.asdfgh.org
resolves to a number of p3w8.geo.re2.yahoo.com type addresses.