[Full-Disclosure] Sears Scam Trojan Code
Jarkko Turkulainen
jt at klake.org
Thu Dec 25 14:16:31 GMT 2003
> being a programmer, I was simply wondering what the content of page.hta
> actually does. I've attached the file as page.txt for anyone who wishes
> to find out; perhaps the results will be interesting. Page.hta can be
> found at http://radnorthgm.com/special/.
The HTA file contains a binary program that seems to be a some sort loader
program. As a first impression, it tries to download something from
cjdra.com via HTTP and run it.
Regards,
--
Jarkko Turkulainen <jt at klake.org>
Full-Disclosure is hosted and sponsored by Secunia.