[Full-Disclosure] .hta virus analysys
Jim Duggan
on_a_thousand at hotmail.com
Thu Nov 20 01:31:21 GMT 2003
A friend contracted this .hta that seems to edit your profile with a link to itself, http://www.talkstocks.net/
attached is the hta file it attempts to run. Its looks to be encoded, which is something i dont know much about but im sure most people on this list will have no problem reading it, just wondering what it does.
Any help appreciated
Thx
Jason
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031119/6976f101/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iav.hta
Type: application/hta
Size: 45835 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031119/6976f101/attachment.bin
Full-Disclosure is hosted and sponsored by Secunia.