RE: scary site

From: Chris Santerre (csanterre@MerchantsOverseas.com)
Date: 03/08/02


From: Chris Santerre <csanterre@MerchantsOverseas.com>
To: security-basics@security-focus.com
Date: Fri, 8 Mar 2002 14:04:14 -0500 


Initially this didn't work with IE5.5; however, I made a few mods and got
other programs to run. I'm not sure. I had started to play with different
ways of calling programs, like:

c:/windows/rundll32.exe user32.dll,MessageBoxA You Are Screwed

Couldn't get this to work...yet :) Anyone else think that this method would
work, and/or bypass the virus scanner?

If I disable scripting on all clients, I can just see the phone calls
already. :)

-----Original Message-----
From: Patrick McAllister [mailto:tomservo@erols.com]
Sent: Thursday, March 07, 2002 6:23 AM
To: leon; security-basics@security-focus.com
Subject: Re: scary site

If possible, turn off scripting (assuming you're using IE)...that will prevent
it from running. Also it generates all kinds of alerts on my AV software....

----- Original Message -----
From: "leon" <leon@inyc.com>
To: <security-basics@security-focus.com>
Sent: Tuesday, March 05, 2002 12:30 PM
Subject: scary site

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> http://www.liquidwd.freeserve.co.uk/
>
>
> Try it with a windows machine and IE with all patches.
>
> Be afraid be very afraid.
>
> FYI this is for all those people who think that just having a
> firewall is enough.
>
> Guess what?
>
> This works through packet filter, stateful inspection and proxy
> servers.
>
> Cheers,
>
> Leon
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
>
> iQA/AwUBPIUArNqAgf0xoaEuEQLn0wCgjtpLPuRxLbCscHrq32IjePeezf8AoI6t
> T73+xCv/VhrCGDVDIVrFBqZl
> =9gR6
> -----END PGP SIGNATURE-----
>