[Mimedefang] base64-encoded vbscript .hta file with self-extracting embedded virus
David F. Skoll
dfs at roaringpenguin.com
Wed Jan 21 18:05:14 EST 2004
On Wed, 21 Jan 2004, Royce Williams wrote:
> Our customer base got hit today with a virus that slipped through
> via some wily obfuscation that I hadn't seen before. What it does,
> in a nutshell, is a base64-encoded .hta file that has VBScript in it
> to convert a long string of hex into a binary, store it in your
> system32 directory, and run it.
But .hta files should be blocked, unless you've modified the $bad_exts
list.
Regards,
David.
More information about the MIMEDefang
mailing list