| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 31 Jan 2004 14:24:21 -0600 From: Paul Schmehl <pauls@...allas.edu> To: Gadi Evron <ge@...tistical.reprehensible.net>, bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com Subject: Re: another Trojan with the ADO hole? + a twist in the story --On Saturday, January 31, 2004 7:35 PM +0200 Gadi Evron <ge@...tistical.reprehensible.net> wrote: > The past Trojan horses which spread this way took advantage of the fact > web servers send an HTML 404 message if a file doesn't exist. > > The original sample - britney.jpg - was simply an html file itself, and > using that fact, and IE loading it. It was combined with one of the > latest exploits of the time (I don't think MS patched it yet), and > downloaded the Trojan horses. > > This time around there is actually a picture on the web page, of a real > honest to God girl. But in another frame.. the same story all over again. > > For blocking purposes, the (un-safe) URL is: http://ut.uk.to/cs.jpg . Didn't work on my Titanium using Safari. The girl was....uh....well-endowed. :-) Paul Schmehl (pauls@...allas.edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists