From: Thierry Zoller [relloz@VO.LU] Sent: Wednesday, March 22, 2000 7:20 AM To: VULN-DEV@SECURITYFOCUS.COM Subject: Re: Outlook/HTML "proggie" What you are claiming to have done is apparently exactly the same as BadBlood does (strange isn't it?). Badblood for those who don't know, is a precoded HTA trojan dropper, by simply viewing the html the user "get's infected" by exploiting a BufferOverflow of an IE component. The source-code and Documentation exist since over 8 month and is freely avaible to anybody, it can be downloaded here. http://www.tlsecurity.net/cgi-bin/download.cgi?misc/badblood.zip To Methodman : Go play somewhere else, people like you who go like " I have something really great, but I don't give it to you" have a lack of Commonsense and do mostly suffer of some sort of Profil-Neurose. Thank you not. methodman wrote: Hello ! I would have posted this a few days ago, but I didn't have the time... I guess it's ok to send this even though the thread is over (?). About a week ago I have created a .html trojan/worm thingie that infects you if you read the email from Outlook, you don't have to run any attachments and no popups pop-up :) What it does: using the SCR object, it creates a trojan.hta in your c:\windows\start menu\startup which contains some JavaScript commands that copy it (using the WSH object) to c:\windows\system and add it to the registry (HKEY_LOCAL_MACHINE\......\Run), after you restart your computer. Think of what it could do... what if it wouldn't create a .hta and it would create a .bat containing the hex dump of sometrojan.exe ? Anyway... I don't intend to release it and NO, I won't give you the source code unless you pay me :) Regards,[ methodman ]