Author Topic: hxxp://ebaumsworld.on.nimp.org/Shatner/  (Read 5761 times)

0 Members and 1 Guest are viewing this topic.

November 08, 2007, 01:13:05 am
Read 5761 times

Drusepth

  • Special Members
  • Full Member

  • Offline
  • *

  • 57
  • Personal Text
    Drusepth
    • Drusepth.net
I found this being linked to on 4chan.
If I remember correctly, their official myspace phisher they're using for operation myspays is located somewhere on this domain.  (http://www.news.com.au/heraldsun/story/0,21985,22687438-662,00.html)

This looked to me like it was just trying loads of exploits.  Luckily I didn't have my sound on or the right things installed to view the images when I first went, because in the source code it says:
Code: [Select]
<!-- This object plays the "hey everybody, I'm watching gay porno!" sound -->
  <object classid= "clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" width="1" height="1" id="hey">
;)

Also to note, there's different javascript being generated by the php depending on what User Agent you use.

November 08, 2007, 07:03:13 am
Reply #1

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
That code is used for macromedia flash player. Below it you will see the flash file (.swf) which it uses to play.

I think it was created as an annoyance and used to post on forums, IRC, messengers etc to troll people. But it is detected as Exploit MS05-013, so as it tries to use an exploit it can go in the domain list :)

It is interesting to note that as long as "on.nimp.org" is left the same, you can use any subdomain and directory that you like. For example mdl.on.nimp.org/Drusepth/ is valid.

This will be added soon, thank you.