<<< Date Index >>>     <<< Thread Index >>>

Re: Self-Executing FOLDERS: Windows XP Explorer Part V



I get the following dialogue box on:
+ Windows XP SP1,
+ IE 6.0.2800.1106.xpsp2.030422-1633, Updates: SP1; Q822925; Q330994; Q828750; Q825145

"Your current security settings prohibit running ActiveX controls on this page. As a result, the page may not display correctly."

The site shows as being in My Computer zone. Since I can't change those settings, my security settings for Internet are:
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disable
Initialize and script ActiveX controls not marked as safe: Disable
Run ActiveX controls and plugins: Enable
Script ActiveX controls marked safe for scripting: Enable

Internet Explorer / Windows Explorer (which ever it thinks it is) shows, "Installing components...My%20Pics.folder!malware.exe" in the status bar at the end of execution, though the exe was never run unless it was designed to look like a regular IE dialogue.

-Eric "MightyE" Stevens
http://lotgd.net
To reply to me, please remove "[removethis]" from my email address.

http-equiv@xxxxxxxxxx wrote:

Sunday, January 25, 2004

The following file is a 'folder' comprising both scripting and an executable [*.exe]. We inject scripting and an executable into the 'folder' which is designed to point back to the executable in the 'folder' and execute it. Provided the 'folder' is an html file, Windows XP Explorer will execute it. Because it is an 'folder' proper, Windows Explorer opens it. The scripting inside is then parsed and fired. That scripting is pointing back to the same executable file and because it is a self-executing 'folder', it executes ! Fully self-contained harmless *.exe. Windows XP only:

http://www.malware.com/my.pics.zip


Be aware of 'folders' out there.