Beng Hacks: WebViewFolderIcon part 2

Sunday, October 15, 2006

WebViewFolderIcon part 2

Ok, regarding this ActiveX attack, I noticed that MS has patched this in this week's security update. I advise everyone to patch NOW.

Why? Cuz this JavaScript hack is quite clever. It hides the shellcode inside Unicode to compact it, and the shellcode is usually download-and-exec shellcode that grabs a trojan off the website. So by the time your IE browser crashes just from visiting a website (can be any website, can even be hidden inside email if your webmail dun filter jscript), it has already downloaded an exe onto your PC.

Don't only scan your PC for infection; also check your STARTUP folder and the RUN folder inside your registry. If you dunno what the RUN folder in the registry is, Google it. Check both LOCAL_MACHINE and CURRENT_USER, as an instruction can be hidden inside either of these entries to hide an EXE that keeps re-running.

Who knows, YOU might be INFECTED right now! If you ever experience an IE browser crash for no reason, please be suspicious.
