Comments on: 4th of July, Business as Usual http://blog.didierstevens.com/2008/07/04/4th-of-july-business-as-usual/ (blog 'DidierStevens) Fri, 12 Mar 2010 08:07:51 +0000 http://wordpress.com/ hourly 1 By: Dave http://blog.didierstevens.com/2008/07/04/4th-of-july-business-as-usual/#comment-33057 Dave Sun, 06 Jul 2008 10:45:59 +0000 http://didierstevens.wordpress.com/?p=453#comment-33057 The line which didn't display correctly in my first comment was that which starts with iframe src= I just noticed the fw.gif, so assume that's the image of the fireworks and false video controls. The line which didn’t display correctly in my first comment was that which starts with iframe src=

I just noticed the fw.gif, so assume that’s the image of the fireworks and false video controls.

]]> By: Dave http://blog.didierstevens.com/2008/07/04/4th-of-july-business-as-usual/#comment-33056 Dave Sun, 06 Jul 2008 10:42:00 +0000 http://didierstevens.wordpress.com/?p=453#comment-33056 OK, I fell for it (I'm a sucker!). I visited the site (using fully patched XP Pro which I reformat and reinstall frequently). I got the ActiveX warning (which I didn't run), then I looked at the source code, which was as you displayed. I've a number of questions: I'm somewhat reluctant to allow the ActiveX ... what's the next stage for me? Should I allow the ActiveX and, if so, what will the outcome be? Is it possible to download the ActiveX for future analysis but without allowing it to run? I've looked at the source code, but what actually invokes the ActiveX? How is the image generated? I realise that it's not a real video. I see that if I hover over the image, it wants to run fireworks.exe (I didn't allow that, nor did I save the file to my PC). I'm suspicious about the line: "" but, as my HTML coding skills can be written on the back of a postage stamp, that doesn't surprise me! Sorry to ask so many questions. I guess I could have e-mailed you directly (and I'm quite happy to continue this in that way), but I just wondered if you, or other contributors, might be able and willing to "fill me in"? OK, I fell for it (I’m a sucker!). I visited the site (using fully patched XP Pro which I reformat and reinstall frequently). I got the ActiveX warning (which I didn’t run), then I looked at the source code, which was as you displayed.

I’ve a number of questions:

I’m somewhat reluctant to allow the ActiveX … what’s the next stage for me? Should I allow the ActiveX and, if so, what will the outcome be? Is it possible to download the ActiveX for future analysis but without allowing it to run?

I’ve looked at the source code, but what actually invokes the ActiveX? How is the image generated? I realise that it’s not a real video.

I see that if I hover over the image, it wants to run fireworks.exe (I didn’t allow that, nor did I save the file to my PC).

I’m suspicious about the line:

“”

but, as my HTML coding skills can be written on the back of a postage stamp, that doesn’t surprise me!

Sorry to ask so many questions. I guess I could have e-mailed you directly (and I’m quite happy to continue this in that way), but I just wondered if you, or other contributors, might be able and willing to “fill me in”?

]]>