[Dshield] need help decoding.

Nicolas Villatte nicolas.villatte at gmail.com
Thu Sep 20 14:40:00 GMT 2007


Side question on the methodology: how do you extract the .wmv file from the
script and how would you interpret the code?
Or do you only execute it and perform a behavioral analysis?

Thank you,
Nicolas.

On 9/19/07, Shaun <shaun at shaunc.com> wrote:
>
> On Tue, 18 Sep 2007 17:18:07 -0700 (PDT)
> Dan Jackson <kybowhunter515 at yahoo.com> wrote:
>
> The end result attempts to exploit a Windows Media Player vulnerability
> (MS06-006). I didn't invoke the malicious .wmv file to see what the
> final payload is, as I don't have a proper sandbox right now.
>
> This JavaScript in and of itself did not open up any further holes on
> your server. That's not to say that the attacker hasn't installed other
> malicious code in whatever manner he managed to deploy this little devil.
>
> hth,
>
> -s

