http://morningwood.ethicsdesign.com/fucked4test.html id that... who cares if its a trojan, you surely didnt think it was benign??? i didnt click it knowing it was a <object tag exploit.. or try a HEAD on the link first.. or even nc -vv someurl.isp/link.html
*sigh*
If I didn't know better I might think you presented that link maliciously.
As for your criticism, I believe you misunderstood. I wasn't warning folks the script was malicious. For anyone interested, I simply *identified* the executable which was MakeVBSed into the .vbs file Andreas posted to the list. Symantec calls it 'Download.Trojan'.
Here's that link again:
http://www.symantec.com/avcenter/venc/data/download.trojan.html
If you're unfamiliar with MakeVBS, you can learn more here:
http://rattlesnake.at.box.sk/newsread.php?newsid=7
Cheers,
Cael
---
----- Original Message ----- From: "Cael Abal" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, September 16, 2003 7:03 PM Subject: Re: [Full-Disclosure] IE Object Type Validation Vulnerability Exploit
Decrypted (undo VBS.Encode) it is the following: Andreas
Hi Andreas,
The 'x.exe' created by this script is reported by Symantec as 'Download.Trojan':
http://www.symantec.com/avcenter/venc/data/download.trojan.html
Cael
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
