[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-disclosure] Flash that simulates virus scan
From:       "Dude VanWinkle" <dudevanwinkle () gmail ! com>
Date:       2007-10-31 23:34:50
Message-ID: e024ccca0710311634o247cf4b6rec90ae1e8cde940 () mail ! gmail ! com
[Download RAW message or body]

On 10/31/07, Joshua Tagnore <joshua.tagnore@gmail.com> wrote:
> List,
>
>     Some time ago I remember that someone posted a PoC of a small site that
> had a really nice looking flash animation that "performed a virus scan" and
> after the "virus scan" was finished, the user was prompted for a "Download
> virus fix?" question. After that, of course, a file is sent to the user and
> he got infected with some malware. Right now I'm performing a penetration
> test, and I would like to target some of the users of the corporate LAN, so
> I think this approach is the best in order to penetrate to the LAN.
>
>     I searched google but failed to find the URL, could someone send it to
> me ? Thanks!

You can always use the 'ol drop-a-usb-flash-drive-in-the-parking-lot
trick. I find it helps if you label it "2006 salary report" or
"Classified- 2008 Layoffs". This usually does the trick if autorun is
enabled on workstations. If you can find a way to create cdfs
formatted pen drives, lemme know.

Don't forget to chop your keylogger in half with hex editors till you
find the signature and then edit it so they no longer detect you.

-JP

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]