Homepage()

  • Thread starter Thread starter E. Fridman
  • Start date Start date
E

E. Fridman

Hi,

What are those e-mails without attachments that redirect to seemingly
gibberish URLs like "cid:zuzhjs"? The source code includes Homepage()
Javascript function.

Are they all attempts of "Shadow.dll" exploits? If so, should they
effect Win'9x systems?

TIA, Eugene
 
E. Fridman said:
Hi,

What are those e-mails without attachments that redirect to seemingly
gibberish URLs like "cid:zuzhjs"? The source code includes Homepage()
Javascript function.

Are they all attempts of "Shadow.dll" exploits? If so, should they
effect Win'9x systems?

TIA, Eugene
Click to expand...

Hijackers, spyware/adware or most likely worse, viruses. If you opened any and
executed the attachment, that's not good.

I'd suggest running a full system virus check in Safe Mode first, then run the
full gamut for spyware/adware detection/removal.

--

Brian A. Sesko
{ MS MVP_Shell/User }
Conflicts start where information lacks.
http://www.dts-l.org/goodpost.htm
 
Brian,

As I stated in my original message, these e-mails do not have
attachments. They have "in-line" HTML code.
 
E. Fridman said:
Brian,

As I stated in my original message, these e-mails do not have
attachments. They have "in-line" HTML code.
Click to expand...
Some mail clients are capable of executing html code in the preview pane
- that's how they display information. Reputable companies do this for
their email newsletters sometimes.
 
E. Fridman said:
Brian,

As I stated in my original message, these e-mails do not have
attachments. They have "in-line" HTML code.
Click to expand...

To some people, any included encoded executable content is called
"attachment" just as anything that makes your computer 'sick' is
"virus".

Maybe you could post a small sample without any base64 or uuencoded
content. Encapsulate the entire textual post in the HTML tags
<code></code> just in case someone reads usenet in HTML. Otherwise we're
left to only guesses - like 'it's a browser hijacker'. Even better,
submit the e-mail to scans at the virustotal site - surely some of those
scanners will detect an exploit such as you mentioned.
 
Ok, I misread that, yet my recommendation still stands. HTML is used as a
transport for the likes, and with the odd names and the mention of JScript it's
highly probable.

--

Brian A. Sesko
{ MS MVP_Shell/User }
Conflicts start where information lacks.
http://www.dts-l.org/goodpost.htm
 
Back
Top