From: bowwow at nowhere.org (bowwow@...here.org)
Subject: JPEG GDI+ (MS04-028) Exploit at http://www.splitinfinity.info

Gosh... our Snort is oinking at another one @
hxxp://www.splitinfinity.info/fa/blok.jpg with payload @
hxxp://www.splitinfinity.info/fa/blok.jpg/fa/aga.exe.

Here are the scan results from http://www.virustotal.com:

=============
This is the report of the scanning done over "aga.exe" file that
VirusTotal processed on 10/11/2004 at 10:42:52.

Antivirus    Version          Update      Result
BitDefender  7.0              10.09.2004  -
ClamWin      devel-20040922   10.10.2004  -
eTrust-Iris  7.1.194.0        10.10.2004  -
F-Prot       3.15b            10.09.2004  -
Kaspersky    4.0.2.24         10.11.2004  TrojanDownloader.Win32.Small.oh
McAfee       4397             10.06.2004  -
NOD32v2      1.890            10.10.2004  unpack error
Norman       5.70.10          10.07.2004  W32/Downloader
Panda        7.02.00          10.10.2004  -
Sybari       7.5.1314         10.11.2004  TrojanDownloader.Win32.Small.oh
Symantec     8.0              10.10.2004  -
TrendMicro   7.000            10.10.2004  -
=============


Hmmm... not much info on this TrojanDownloader.Win32.Small.oh; any
taker wanna dissect it? :)

Btw thx to Peter Kruse & Willem Koenings of the [Full-Disclosure]
list for giving more details on Backdoor.Netsnake.h.

Cheers,
bowwow
 


On Sat, 09 Oct 2004 09:10:22 +0800, bowwow wrote:

>Got this from the company network, Snort oinking "WEB-CLIENT JPEG parser
>heap overflow attempt"
>(http://www.snort.org/snort-db/sid.html?sid=1-2705).
>
>Hex verified it's hxxp://home.zccn.net/mm2004/mu/nc.jpg with payload @
>hxxp://home.zccn.net/mm2004/mu/msmsgs.exe infected by the netsnake.h
>trojan (http://www.google.com.sg/search?hl=en&q=netsnake.h)
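Added example (not from the post, from Snort, or from the sites named above): a small Python scanner for the condition the "JPEG parser heap overflow attempt" signature mentioned in the quoted message is after, namely a JPEG COM segment (marker FF FE) whose 16-bit length field is 0 or 1. GDI+ (MS04-028) subtracted 2 from that length before copying the comment, so a length below 2 underflows to a huge copy size and overflows the heap. The scanner walks the marker segments rather than grepping for raw bytes. The sample JPEGs are constructed inline by build_jpeg(); they are not blok.jpg or nc.jpg from the post, and build_jpeg, iter_segments and find_ms04_028 are names chosen here.

```python
"""Scan a JPEG byte stream for the MS04-028 (GDI+ JPEG COM) trigger.

Example code added here; the JPEGs produced by build_jpeg() are
constructed test inputs, not the files named in the post.
"""
import struct

SOI, EOI, SOS, COM, TEM = 0xD8, 0xD9, 0xDA, 0xFE, 0x01
RST0, RST7 = 0xD0, 0xD7  # restart markers, no length field


def iter_segments(data: bytes):
    """Yield (offset, marker, length_field, payload) for each marker
    segment up to and including SOS.  Entropy-coded data follows SOS and
    carries no length fields, so the walk stops there.  A segment with a
    length field below 2 is malformed (the field counts its own 2 bytes);
    it is yielded and the walk stops, since nothing after it is reliable."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    pos, n = 2, len(data)
    while pos + 1 < n:
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:          # fill byte, skip it
            pos += 1
            continue
        if marker in (EOI, TEM) or RST0 <= marker <= RST7:
            yield pos, marker, None, b""
            if marker == EOI:
                return
            pos += 2
            continue
        if pos + 4 > n:
            raise ValueError(f"truncated segment header at offset {pos}")
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if length < 2:              # the MS04-028 shape: 0 or 1
            yield pos, marker, length, b""
            return
        yield pos, marker, length, data[pos + 4:pos + 2 + length]
        if marker == SOS:
            return
        pos += 2 + length


def find_ms04_028(data: bytes):
    """Return offsets of COM segments whose length field is 0 or 1."""
    return [off for off, marker, length, _ in iter_segments(data)
            if marker == COM and length is not None and length < 2]


def build_jpeg(comment_length_field: int, comment: bytes) -> bytes:
    """Constructed minimal JPEG: SOI, JFIF APP0, one COM segment with an
    explicit length field (so it can be set to a bad value), SOS, EOI."""
    app0 = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    out = b"\xff\xd8"
    out += b"\xff\xe0" + struct.pack(">H", len(app0) + 2) + app0
    out += b"\xff\xfe" + struct.pack(">H", comment_length_field) + comment
    out += b"\xff\xda" + struct.pack(">H", 2)   # empty SOS header
    out += b"\xff\xd9"
    return out


if __name__ == "__main__":
    benign = build_jpeg(2 + len(b"hello"), b"hello")
    hostile = build_jpeg(1, b"\x90" * 32)      # length 1 -> underflow in GDI+
    print("benign :", find_ms04_028(benign))   # []
    print("hostile:", find_ms04_028(hostile))  # [20]
```

Walking the segment structure instead of matching the raw bytes FF FE 00 00 / FF FE 00 01 means the same byte pattern sitting inside another segment's payload (an EXIF thumbnail in APP1, for instance) is not flagged, and a COM with a bad length is caught wherever it sits in the header chain.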

