Re: Self-Executing FOLDERS: Windows XP Explorer Part V

From: mightye[removethis] (_at_mightye.org)
Date: 01/26/04

  • Next message: Thor Larholm: "RE: Self-Executing FOLDERS: Windows XP Explorer Part V"
    Date: Mon, 26 Jan 2004 12:54:56 -0500
    To: 1@malware.com
    
    

    I get the following dialogue box on:
    + Windows XP SP1,
    + IE 6.0.2800.1106.xpsp2.030422-1633, Updates: SP1; Q822925; Q330994;
    Q828750; Q825145

    "Your current security settings prohibit running ActiveX controls on
    this page. As a result, the page may not display correctly."

    The site shows as being in My Computer zone. Since I can't change those
    settings, my security settings for Internet are:
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disable
    Initialize and script ActiveX controls not marked as safe: Disable
    Run ActiveX controls and plugins: Enable
    Script ActiveX controls marked safe for scripting: Enable

    Internet Explorer / Windows Explorer (whichever it thinks it is) shows,
    "Installing components...My%20Pics.folder!malware.exe" in the status bar
    at the end of execution, though the exe was never run unless it was
    designed to look like a regular IE dialogue.

    -Eric "MightyE" Stevens
    http://lotgd.net
    To reply to me, please remove "[removethis]" from my email address.

    http-equiv@excite.com wrote:

    >Sunday, January 25, 2004
    >
    >
    >The following file is a 'folder' comprising both scripting and
    >an executable [*.exe].
    >
    >We inject scripting and an executable into the 'folder' which is
    >designed to point back to the executable in the 'folder' and
    >execute it. Provided the 'folder' is an html file, Windows XP
    >Explorer will execute it.
    >
    >Because it is a 'folder' proper, Windows Explorer opens it. The
    >scripting inside is then parsed and fired. That scripting is
    >pointing back to the same executable file and because it is a
    >self-executing 'folder', it executes!
    >
    >Fully self-contained harmless *.exe.
    >
    >Windows XP only:
    >
    >
    >http://www.malware.com/my.pics.zip
    >
    >
    >Be aware of 'folders' out there.
    >
    >
    >
    >
    >
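
A defender's triage sketch for the 'folder' described in the quoted advisory, added here as an example and not part of either post: it lists regular files whose name ends in `.folder` and notes whether each carries script markup and something that looks like an executable. The tag pattern, the raw-or-base64 storage of the executable, and all sample file contents are assumptions; the post does not describe the file's internal layout.

```python
import os
import re
import tempfile

# Assumptions (not from the post): script shows up as HTML tags, and the
# executable is stored either raw or as a base64 MIME part.
SCRIPT_TAG = re.compile(rb"<\s*(script|object)\b", re.I)
B64_MZ = re.compile(rb"^TV[opqr][A-Za-z0-9+/]{60,}", re.M)  # base64 of "MZ..."

def has_raw_pe(data):
    """True if an 'MZ' header whose e_lfanew points at 'PE\\0\\0' is present."""
    i = data.find(b"MZ")
    while i != -1:
        if i + 0x40 <= len(data):
            e_lfanew = int.from_bytes(data[i + 0x3C:i + 0x40], "little")
            if data[i + e_lfanew:i + e_lfanew + 4] == b"PE\0\0":
                return True
        i = data.find(b"MZ", i + 1)
    return False

def triage(root, max_bytes=8 * 1024 * 1024):
    """Report regular files named *.folder; real directories are skipped."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".folder"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read(max_bytes)
            findings.append({
                "name": name,
                "script": bool(SCRIPT_TAG.search(data)),
                "executable": has_raw_pe(data) or bool(B64_MZ.search(data)),
            })
    return sorted(findings, key=lambda f: f["name"])

def build_sample(root):
    """Constructed sample tree; none of this content comes from the post."""
    os.mkdir(os.path.join(root, "Holiday.folder"))          # a genuine directory
    with open(os.path.join(root, "notes.folder"), "wb") as fh:
        fh.write(b"plain text, nothing active")
    with open(os.path.join(root, "My Pics.folder"), "wb") as fh:
        fh.write(b"<html><script>/* inert */</script>\r\n" + b"TVqQ" + b"A" * 72)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in triage(tmp):
            print(finding)
```

A regular file named `*.folder` is worth a look on its own; the `script` and `executable` flags only rank which ones to open first.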

