b0x.com link

Wouter Clarie rimshot at pandora.be
Tue Aug 10 14:16:57 PDT 2004


On Tue, 10 Aug 2004, cmulcahy at xxxxxxxxx wrote:

> prompts the execution of a script, wgotten and renamed b0x.js (attached)
> which performs browser detection, and in the case of Netscape 5+ prompts
> for the download and install of sbc_netscape.xpi (also attached ;; DO
> NOT EXECUTE) which if interrogated with zip or jar is revealed to be an
> install script and a windows executable ( which is so resistant to
> 'strings' as to appear intentionally encrypted or obfuscated ).

McAfee detects the executable as 'Keylog-Briss'.

Wouter





More information about the Kernel mailing list