Shadow » Blog Archive » mhtml & Exploit-MhtRedirect Trojan

mhtml & Exploit-MhtRedirect Trojan

Tags:

For some reason the VirsScan warned me today that my blog entry 838 contains Exploit-MhtRedir.gen , which uses a MS IE security hole in the MHTML handling to redirect a webpage to a special site.

What�s interesting is that the post was made way before the trojan was created and it used the redirect mechanism without me knowing — must have been an automatic conversion that IE did when I tried to convert/copy from MHTML file.

The MHTML redirect is in the following format:

<A href=”mhtml:file://somefile.mht!http://newsite.com/”>

This entry was posted on Friday, June 25th, 2004 at 12:00 pm and is filed under Odds'n'Ends. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed. Edit this entry.

Leave a Reply

Shadow is proudly powered by WordPress
Entries (RSS) and Comments (RSS).

Copyright Disclaimers:
This site publishes original text contents in HTML and a small number of original graphic/multimedia materials. With a few exceptions, all images you are seeing on your browser are retrieved from other content providers, with your consent, by your browser. Let's be clear: I never provided a bit of those images from my server, nor do I have copies of these images on my server. I simply provided links to images of interest using appropriate HTML IMG tags. By using a graphic web browser, and with "Display Images" option turned on, YOU -- not me -- gave explicit or implicit consent to let your browser automatically retrieve the images and display them on this page. The third-parties may or may not hold the copyright of the displayed images, and you may or may not have violated someone's copyright by allowing your browser to display the image here. If you fear some big fat lawyers might be after you, you should turn off the "Display Images" option.