[Opera-Linux] The HTML equivalent of a fork bomb (do not click on the URL in this email)
Larry Clapp
larry at theclapp.org
Fri Oct 31 21:04:51 UTC 2008
I'm not sure how, but somehow I (indirectly) stumbled on the below
freakish URL, I think via some advertisement or other. (Beware the
dangers of searching for Perl ORM modules! ;)
http://efx.add50.com/servlet/ajrotator/308867/0/vh?ajecscp=1225485479842&z=ADD50&dim=300750&pos=2
(do NOT click here)
I normally browse with Javascript, Java, frames, and iframes enabled,
and also with PDFs set to autodownload and open with kpdf, the KDE pdf
reader.
To make a long story short, as near as I can tell, the above
masterpiece in filth kicks off a cascade that
- loads many hundred webpages in invisible iframes
- some of which refer to a pdf file called xcvb.pdf which tries to
exploit an Adobe PDF Reader bug to execute code locally, to what
end I haven't a clue; I think it's a variation on the Code Red
virus, but that's just a (slightly educated) wild-ass-guess
- some of which start a Java applet, to do what I also haven't a
clue
- and generally makes a hash out of your browsing history
- uses 100% of at least one of my two CPU cores and (at least) 2.2 gig
of virtual memory
I don't know what, if anything, I expect the Opera/Linux community to
do, but I figured I'd at least share it, given the time I spent on it.
If somebody out there has seen it before and knows what-the-heck it's
doing, please enlighten me.
(If you click on the above on a Windows box, please be sure you have
your virus protection enabled and up-to-date.)
-- Larry
More information about the Opera-Linux
mailing list