Running mozilla 1.6. Nothing showed up here as you're assuming.

On Sun, 2004-02-15 at 17:40, Erik van Straten wrote:
> Hi Nicola,
>
> It's not a zip file, not an applet, but a plain EXE file. Seems
> compressed somehow, no time to figure it out now. Dunno why Mozilla
> runs this (I don't like it).
>
> If something showed up in your status bar, you should definitely assume
> your box was compromised.
>
> Take care out there,
> Erik
>
> On Sun, 15 Feb 2004 20:20:11 +0100 Nicola Fankhauser wrote:
> > hi jedi
> >
> > On Sun, 2004-02-15 at 18:45, Jedi/Sector One wrote:
> > > This is equivalent to http://64.29.173.91/
> >
> > ok, and the html of the index page is as following:
> >
> > <html><body bgcolor=white link=#ffffff vlink=#ffffff alink=#ffffff>
> > <h2>SERVER ERROR 550</h2>
> > <applet ARCHIVE="javautil.zip" CODE="BlackBox.class" WIDTH=1
> > HEIGHT=1></applet></body></html>
> >
> > now, the "SERVER ERROR 550" is clearly a fake - the java applet below
> > just starts fine. strangely, the 'javautil.zip' is not a valid zip-file,
> > yet 'appletviewer' and mozilla (don't know about MS IE; too dangerous :)
> > happily start the applet without any hiccups or exceptions and mozilla
> > states 'Applet BlackBox started' in the status bar.
> >
> > is there anybody knowledgeable interested in un-zipping, de-compiling and
> > analysing this surely malicious applet? I would like to know what
> > mozilla just executed on my behalf there... :(
> >
> > FYI, the file 'javautil.zip' attached is directly taken from the site
> > mentioned above.
> >
> > regards
> > nicola
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
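
Added example (not part of the original thread and not the posters' code): a Python triage check for the situation discussed above, where a file served as an applet ARCHIVE under the name javautil.zip turned out not to be a valid ZIP. It classifies content by its magic bytes instead of its name; the function names are assumptions and the sample inputs are constructed.

```python
import io
import struct
import zipfile

def classify(data: bytes) -> str:
    """Identify a payload by its leading magic bytes, ignoring its file name."""
    if data[:4] in (b"PK\x03\x04", b"PK\x05\x06"):
        # A signature alone is not enough: confirm the ZIP directory is present.
        return "zip" if zipfile.is_zipfile(io.BytesIO(data)) else "corrupt-zip"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # DOS header field e_lfanew (offset 0x3C) points at the PE signature.
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "pe-executable"
        return "dos-executable"
    if data[:4] == b"\xca\xfe\xba\xbe":
        return "java-class"
    return "unknown"

def archive_mismatch(declared_name: str, data: bytes):
    """Return a warning when a declared ZIP/JAR archive is not actually a ZIP."""
    kind = classify(data)
    if declared_name.lower().endswith((".zip", ".jar")) and kind != "zip":
        return f"{declared_name}: declared archive, content is {kind}"
    return None

def sample_zip() -> bytes:
    """Constructed sample: a real in-memory ZIP holding a stub class file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("BlackBox.class", b"\xca\xfe\xba\xbe\x00\x00\x00\x2e")
    return buf.getvalue()

def sample_pe_stub() -> bytes:
    """Constructed sample: minimal DOS header plus PE signature, no code."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00"

if __name__ == "__main__":
    for blob in (sample_zip(), sample_pe_stub()):
        print(archive_mismatch("javautil.zip", blob) or "javautil.zip: content is a zip")
```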
