VML vulnerability - code

Discussion in 'malware problems & news' started by Mrkvonic, Jan 18, 2007.

Thread Status:
Not open for further replies.
  1. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,175
    Hello,
    I believe I have caught an html email with VML exploit.
    I would like to share this with people who really know their stuff. Who can I send this for analysis?
    Mrk

    P.S. I wonder if testing it with IE4fs in Linux will work??
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    TNT comes to my mind. I´m sure that the folks at PrevX and antivirus researchers will appreciate it too.
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,175
    Hello,
    Got any links, I'm too lazy to search...
    Mrk
     
  4. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Yes, please if you can you please save the original message and e-mail it to me at 4kibqc702@sneakemail.com zipped with password "infected".

    Thanks.

    NB: I'm gonna close this e-mail address as soon as I get the message. :)
     
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
  6. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Me too please ;)

    Contact me in pvt

    Marco
     
  7. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,175
    Hello,
    Before I make too much wind, I wanted to see how other people analyze it. I could be absolutely wrong of course...
    MIRT is not loading for me right now.... Do you want it?
    Mrk
     
  9. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I think that CastleCops is receiving a DDoS caused by hosting of Gmer. The entire site loads too slowly here.
     
  10. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK

    Yes please.I have PM'ed you an addy and will put it up on MIRT with a link back to this topic.

    TIA:)
     
  11. Cretemonster

    Cretemonster Registered Member

    Joined:
    Mar 31, 2005
    Posts:
    79
    Curious?

    Whats so special about this particular exploit?

    I have been looking at 5 different htm files with varying exploits and was wondering is the one circulating in emails somehow different?

    Exploit.JS.XMLCore.a

    Exploit.HTML.VML.d

    Exploit.HTML.IESlice.d

    Downloader.JS.Agent.bx

    Downloader.JS.Agent.cd
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.