|
-
Jul 6th, 2001, 02:18 PM
#1
What do I do about this?
I recieved an email with a VBS attachment, which looked innocent...
Code:
Execute DeCode(Long string with a bunch of crap)
but when I copied the decode function into VB and decoded the string, I found a nasty little worm 
What do I do about this? Who do I report this to?
-
Jul 6th, 2001, 02:53 PM
#2
http://www.norton.com
http://www.mcafee.com
PS, can u email it to me ([email protected])? We like lookin thru these @ work.
-
Jul 6th, 2001, 03:04 PM
#3
PowerPoster
I wouldn't mind a butchers at this script kiddie's work...if you don't mind
-
Jul 6th, 2001, 03:19 PM
#4
Monday Morning Lunatic
Same here, let's have a look 
I refuse to tie my hands behind my back and hear somebody say "Bend Over, Boy, Because You Have It Coming To You".
-- Linus Torvalds
-
Jul 6th, 2001, 03:22 PM
#5
You know what's scary? Any of us could pop out a real nasty virus (that would land us 10+ years in jail) in about 10- minutes.
Thats a year a minute.
-
Jul 6th, 2001, 03:58 PM
#6
Spetnik, Mike: Sending attachment as text file(homepage.html.vbs.txt), should be sent in a few minutes
Chris: What's your email address?
-
Jul 6th, 2001, 04:05 PM
#7
PowerPoster
damn, I knew I forgot something...
[email protected] will do thanks!  
-
Jul 6th, 2001, 04:53 PM
#8
Monday Morning Lunatic
Okay just arrived...now to find some way of decoding it without VB installed... Access should do
I refuse to tie my hands behind my back and hear somebody say "Bend Over, Boy, Because You Have It Coming To You".
-- Linus Torvalds
-
Jul 6th, 2001, 04:56 PM
#9
I can send you the decoded version?
-
Jul 6th, 2001, 04:58 PM
#10
Monday Morning Lunatic
I've disabled ZoneAlarm so it should be okay, yeah.
I refuse to tie my hands behind my back and hear somebody say "Bend Over, Boy, Because You Have It Coming To You".
-- Linus Torvalds
-
Jul 6th, 2001, 05:10 PM
#11
haha, hotmail blocked it (hey, fancy MS being capable of s/t like that ). but at least it let me fwd it to earthlink.
hmm, its not that bad. at lest it dont @#$% up ur comp
-
Jul 6th, 2001, 05:20 PM
#12
PowerPoster
guess who forgot to turn the AV off... Damn it can be annoying when you actually want to open an infected file!
So what is all that crap being passed to the function? All the function does is change the peices of crap into something else...looks harmless enough. What does Decode produce? A bastard script?
-
Jul 6th, 2001, 05:25 PM
#13
PowerPoster
Ahh, I got it!
VB Code:
On Error Resume Next
Set WS = CreateObject("WScript.Shell")
Set FSO= Createobject("scripting.filesystemobject")
Folder=FSO.GetSpecialFolder(2)
Set InF=FSO.OpenTextFile(WScript.ScriptFullname,1)
Do While InF.AtEndOfStream<>True
ScriptBuffer=ScriptBuffer&InF.ReadLine&vbcrlf
Loop
Don't run that!!! I've taken a lot of it out anyway to protect the innocent
Last edited by chrisjk; Jul 6th, 2001 at 05:33 PM.
-
Jul 6th, 2001, 05:33 PM
#14
I had that a while ago i got 900 copies in 5 seconds !!
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote