| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 Sep 2004 12:18:04 -0700 From: GuidoZ <uberguidoz@...il.com> To: Gerry Eisenhaur <geisenhaur@...co.com> Cc: ben@...ynews.com, bugtraq@...urityfocus.com Subject: Re: GDI Virus in the wild. The FTP site that was hosting the files was taken down. If anyone would like to take a peek at the files used (for educational purposes only of course), let me know off list. I grabbed a copy. I'd also have to agree with Gerry. This doesn't replicate or spread once executed - it just exploits the local machine, installing a trojan/irc-bot, then connecting back. Still the first of it's kind that I'd seen. -- Peace. ~G On Mon, 27 Sep 2004 15:45:10 -0400, Gerry Eisenhaur <geisenhaur@...co.com> wrote: > It's not a virus, just a connect back (82.1.163.241:55000) cmd shell > exploit. > > /gerry > > Ben wrote: > > Allo, > > > > There is now a GDI+ jpeg exploiting virus in the wild. It was posted > > on Mon, 27 Sep 2004 01:25:52 GMT via NNTP to multiple news groups by a > > single person. > > > > See the following for details: > > http://www.easynews.com/virus.txt > > > > You can see the virus here: > > http://easynews.com/test/possiblevirus.jpg.gz > > > > > > - IsolationX > > > > > > -- > Gerald Eisenhaur > Cisco Systems, Inc. > 1414 Massachusetts Ave. > Boxborough, Massachusetts 01719 > voice: 978.936.0465 > geisenhaur@...co.com
Powered by blists - more mailing lists