VBscript in Web pages
Bill Campbell
linux-sxs
Tue Oct 12 17:29:59 PDT 2004
On Tue, Oct 12, 2004, Matthew Carpenter wrote:
>Are you sure you want it to?
>
>I just had Konqueror spit out a dialog to download (as a file) "index.html".
>While I thought it strange, I downloaded it and opened it in KATE. What
>I saw knocked my socks off.
>It was indeed HTML, which included a VBScript. The VBScript had one
>variable with Textual-Hex (i.e., the letters were AE453FC2) and one blank
>variable. The script then processed the first variable 2-letters at a
>time, converted them to the intended Hex by prepending the characters
>with &h (I'm pulling from memory, so it might have been some other
>characters) and dumping that new Hex-code on to the end of the second
>variable. When done, the app wrote the new variable to a file, and
>executed it. Basically that HTML file dumped some malware onto my
>machine and executed it (or would have if I ran VBScript on Winlose),
>all without downloading another file.

This type of thing has been around for quite a while, and is one of the
many reasons even the U.S. Federal Government has warned Windows users to
use anything but IE (see URL below for references).

http://www.celestial.com/Security/Windows/News_Item.2004-06-30.2399900668

Bill
--
INTERNET: bill at Celestial.COM Bill Campbell; Celestial Software LLC
UUCP: camco!bill PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/
``My reading of history convinces me that most bad government results
from too much government.'' --Thomas Jefferson.
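
Added example, not part of the original thread: a small static check a mail or proxy filter could run over a saved page to flag the pattern described above, a VBScript block carrying a long hex-text string. The function name, the 16-byte threshold and the sample page are assumptions made for illustration; the sample bytes are constructed and decode to harmless text.

```python
import re

# Constructed sample page. The hex text decodes to "MZ" followed by the ASCII
# string "ConstructedSampleOnly"; it is not a program. No file is written.
SAMPLE_HTML = """<html><body>
<script language="VBScript">
payload = "4D5A436F6E737472756374656453616D706C654F6E6C79"
n = CLng("&h" & Mid(payload, 1, 2))
</script>
<script type="text/javascript">var colour = "AE453FC2";</script>
</body></html>"""

SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script\s*>", re.I | re.S)

def scan_html(html, min_bytes=16):
    """Return one finding per long hex-text literal inside a VBScript block."""
    hex_literal = re.compile(r'"((?:[0-9A-Fa-f]{2}){%d,})"' % min_bytes)
    findings = []
    for attrs, body in SCRIPT_RE.findall(html):
        # Only VBScript blocks are of interest here; other scripts are skipped.
        if "vbscript" not in attrs.lower():
            continue
        for match in hex_literal.finditer(body):
            raw = bytes.fromhex(match.group(1))
            findings.append({
                "bytes": len(raw),
                # "MZ" is the first two bytes of a DOS/Windows executable.
                "looks_like_pe": raw[:2] == b"MZ",
                # The post recalls "&h" being prepended to each hex pair.
                "uses_amp_h": re.search(r"&h", body, re.I) is not None,
            })
    return findings

if __name__ == "__main__":
    for finding in scan_html(SAMPLE_HTML):
        print(finding)
```
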