Subject: Re: Outlook/HTML "proggie"
From: Thierry Zoller (rellozVO.LU)
Date: Wed Mar 22 2000 - 06:20:06 CST


What you are claiming to have done is apparently exactly the same as
BadBlood does (strange, isn't it?).
BadBlood, for those who don't know, is a precoded HTA trojan dropper; by
simply viewing the HTML the user "gets infected" via exploitation of a
buffer overflow in an IE component.
The source code and documentation have existed for over 8 months and are
freely available to anybody; they can be downloaded here:
http://www.tlsecurity.net/cgi-bin/download.cgi?misc/badblood.zip

To Methodman: Go play somewhere else. People like you who go like "I
have something really great, but I don't give it to you" have a lack of
common sense and mostly suffer from some sort of Profil-Neurose. Thank
you not.

methodman wrote:

> Hello! I would have posted this a few days ago, but I didn't have the
> time... I guess it's ok to send this even though the thread is over
> (?).
>
> About a week ago I have created a .html trojan/worm thingie that
> infects you if you read the email from Outlook, you don't have to run
> any attachments and no popups pop-up :)
>
> What it does: using the SCR object, it creates a trojan.hta in your
> c:\windows\start menu\startup which contains some JavaScript commands
> that copy it (using the WSH object) to c:\windows\system and add it to
> the registry (HKEY_LOCAL_MACHINE\......\Run), after you restart your
> computer.
>
> Think of what it could do... what if it wouldn't create a .hta and it
> would create a .bat containing the hex dump of sometrojan.exe?
>
> Anyway... I don't intend to release it and NO, I won't give you the
> source code unless you pay me :)
>
> Regards,
> [ methodman ]
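
The persistence pattern described in the quoted message (a script file placed in the Startup folder, then registered under a Run key) can be audited from a list of autostart entries. The following is an added example, not part of the original thread or of BadBlood; the entry names, the sample values and the extension and script-host lists are constructed assumptions.

```python
import ntpath
import re

# Assumed watch lists: files run by a script host rather than as a native binary.
SCRIPT_EXTS = {".hta", ".bat", ".cmd", ".js", ".jse", ".vbs", ".vbe", ".wsf"}
SCRIPT_HOSTS = {"mshta", "wscript", "cscript"}

def candidates(command):
    """Quoted and unquoted tokens, plus the whole string for unquoted paths with spaces."""
    tokens = [q or u for q, u in re.findall(r'"([^"]*)"|(\S+)', command)]
    return tokens + [command.strip().strip('"')]

def reasons_for(command):
    """Return sorted reasons why an autostart command deserves a closer look."""
    found = set()
    for cand in candidates(command):
        stem, ext = ntpath.splitext(ntpath.basename(cand).lower())
        if stem in SCRIPT_HOSTS and ext in ("", ".exe"):
            found.add("script host " + stem)
        if ext in SCRIPT_EXTS:
            found.add("script file " + ext)
    return sorted(found)

def audit(entries):
    """entries: (source, name, command) tuples; returns the flagged ones with reasons."""
    flagged = []
    for source, name, command in entries:
        why = reasons_for(command)
        if why:
            flagged.append((source, name, why))
    return flagged

# Constructed sample inventory (not real data). Shortcut targets (.lnk) are not resolved.
SAMPLE_ENTRIES = [
    ("startup-folder", "Office Startup.lnk",
     r"C:\WINDOWS\Start Menu\Programs\StartUp\Office Startup.lnk"),
    ("startup-folder", "trojan.hta", r"c:\windows\start menu\startup\trojan.hta"),
    ("run-key", "SystemTray", "SysTray.Exe"),
    ("run-key", "updater", r'mshta.exe "C:\WINDOWS\SYSTEM\trojan.hta"'),
    ("run-key", "helper", r"C:\WINDOWS\SYSTEM\TROJAN.HTA"),
    ("run-key", "scan", r'"C:\Program Files\AV\scan.exe" /startup'),
]

if __name__ == "__main__":
    for source, name, why in audit(SAMPLE_ENTRIES):
        print(f"{source:15} {name:12} {', '.join(why)}")
```
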