VML vulnerability - code

Discussion in 'malware problems & news' started by Mrkvonic, Jan 18, 2007.

Thread Status:
Not open for further replies.
  1. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    I believe I have caught an HTML email with a VML exploit.
    I would like to share this with people who really know their stuff. Who can I send this to for analysis?
    Mrk

    P.S. I wonder if testing it with IE4fs in Linux will work??
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    TNT comes to my mind. I'm sure that the folks at PrevX and antivirus researchers will appreciate it too.
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    Got any links? I'm too lazy to search...
    Mrk
     
  4. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Yes, please. If you can, please save the original message and e-mail it to me at 4kibqc702@sneakemail.com zipped with password "infected".

    Thanks.

    NB: I'm gonna close this e-mail address as soon as I get the message. :)
     
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
  6. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Me too please ;)

    Contact me in pvt

    Marco
     
  7. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    Before I make too much wind, I wanted to see how other people analyze it. I could be absolutely wrong of course...
    MIRT is not loading for me right now.... Do you want it?
    Mrk
     
  9. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I think that CastleCops is receiving a DDoS caused by hosting of Gmer. The entire site loads too slowly here.
     
  10. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK

    Yes please. I have PM'ed you an addy and will put it up on MIRT with a link back to this topic.

    TIA :)
     
  11. Cretemonster

    Cretemonster Registered Member

    Joined:
    Mar 31, 2005
    Posts:
    79
    Curious?

    What's so special about this particular exploit?

    I have been looking at 5 different htm files with varying exploits and was wondering: is the one circulating in emails somehow different?

    Exploit.JS.XMLCore.a

    Exploit.HTML.VML.d

    Exploit.HTML.IESlice.d

    Downloader.JS.Agent.bx

    Downloader.JS.Agent.cd
     