OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Bubble Boy Virus Spreading Mechanism
From: Andrew Leong (Andrew_LeongEMAIL.COM)
Date: Tue May 16 2000 - 22:40:53 CDT


Thanks Mr Hecix for forwarding the material. But some questions arise from
it. It is obvious that the script uses the Scriptlet.TypeLib Control from
the ClassID. However, why does it use 2 of them. And why is the one assided
to SoupNazi not used? Is there an error in the script? Or does the other one
use the EyeDog Control? If so then is the ClassID wrong?

Next question, does the Vandelay.Doc = " **INSERT CODE HERE**" mean that the
binary code is attached (like in buffer overflows?). How do we put the code
in? And what happens when Vandelay.Write is executed? Does it create a
temporary file with the code written into it? Then when Windoz reboots, does
it auto-run it due to the Update.HTA file? Or is the code written into
Update.HTA?

Comments anyone?

Thanks.

Andrew Leong
____________________________________________________________________________

Public Key: http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x1BFF3601

PGP Key Fingerprint = 92F8 EF74 19A3 EEC6 6B83 9D83 A61B 20C5 1BFF 3601
____________________________________________________________________________