lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 6 Jun 2004 22:42:51 -0400
From: "Larry Seltzer" <larry@...ryseltzer.com>
To: "'Jelmer'" <jkuperus@...net.nl>, <bugtraq@...urityfocus.com>
Cc: <full-disclosure@...ts.netsys.com>, <peter@...lomatmail.net>
Subject: RE: Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan)


>>Finally I also attached the source files to this message

My McAfee-based gateway scanner blocks the attachment and labels it as "VBS/Psyme",
which has this description
(http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100749): 

"This trojan exploits an unpatched (at the time of this writing) vulnerability in
Internet Explorer.  The vulnerability allows for the writing, and overwriting, of local
files by exploiting the ADODB.Stream object.  There are several variants of this trojan.
Therefore this description is design to give an overview of how the trojan works.

The trojan exists as VBScript.  This script contains instructions to download a remote
executable, save it to a specified location on the local disk, and then execute it."

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
larryseltzer@...fdavis.com 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ