here is what's happening here on my default and up2date winxp.home:

i downloaded the ZIP file at:

http://www.malware.com/my.pics.zip

double clicked it and another windows explorer popped up - there was folder inside the zip file.

then i double clicked the folder - and my screen was burning... :-P

i can play more interesting games when at my school:

just shout out : man, i've shared matrix3 in "mat3" folder on my machine \\UMBRELLA...

many guys will doubleclick that "folder" and get compromised. :-))))))

----------------------

conclusion:

cheating the victim into openning a folder icon is much easier than cheating them into openning an HTM file.

so this is excellent stuff!

another thing:

it works under "mcafee virus scan" at present.

added to my little collection of ie vulnz:

http://www.safecenter.net/UMBRELLAWEBV4/ie_unpatched/index.html

(a part of TRIE - http://continue.to/trie )

[ reply ]