Re: Self-Executing FOLDERS: Windows XP Explorer Part V
I get the following dialogue box on:
+ Windows XP SP1,
+ IE 6.0.2800.1106.xpsp2.030422-1633, Updates: SP1; Q822925; Q330994;
Q828750; Q825145
"Your current security settings prohibit running ActiveX controls on
this page. As a result, the page may not display correctly."
The site shows as being in My Computer zone. Since I can't change those
settings, my security settings for Internet are:
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disable
Initialize and script ActiveX controls not marked as safe: Disable
Run ActiveX controls and plugins: Enable
Script ActiveX controls marked safe for scripting: Enable
Internet Explorer / Windows Explorer (which ever it thinks it is) shows,
"Installing components...My%20Pics.folder!malware.exe" in the status bar
at the end of execution, though the exe was never run unless it was
designed to look like a regular IE dialogue.
-Eric "MightyE" Stevens
http://lotgd.net
To reply to me, please remove "[removethis]" from my email address.
http-equiv@xxxxxxxxxx wrote:
Sunday, January 25, 2004
The following file is a 'folder' comprising both scripting and
an executable [*.exe].
We inject scripting and an executable into the 'folder' which is
designed to point back to the executable in the 'folder' and
execute it. Provided the 'folder' is an html file, Windows XP
Explorer will execute it.
Because it is an 'folder' proper, Windows Explorer opens it. The
scripting inside is then parsed and fired. That scripting is
pointing back to the same executable file and because it is a
self-executing 'folder', it executes !
Fully self-contained harmless *.exe.
Windows XP only:
http://www.malware.com/my.pics.zip
Be aware of 'folders' out there.