[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: security at 303underground.com (Scott Taylor)
Subject: new worm - "warm-pussy.jpg".
On Thu, 2003-11-13 at 02:08, Gadi Evron wrote:
> segfault wrote:
>
> > You idiot. Just because a file is called warm-pussy.jpg, doesn't mean that
> > the webserver it resides on isn't going to parse it's actual content (which
> > is probably plaintext). Look again, I'm sure you'll be surprised.
> >
>
> HTML _is_ plain-text.
> Just because the server sends it as plain text doesn't mean the browser
> won't execute it.
>
> It does.
>
> This *is* a Trojan horse.
>
> Do you have anything real to contribute or are you just going to call a
> guy that raised the alarm of a _possible_ new dangerous Trojan hourse names?
What I'm more curious about is which of the servers that passed on the
message from segfault added this line:
X-Virus-Scanned: Symantec AntiVirus Scan Engine
Because, once the message got handed off to my server, which contains a
functioning virus scanner, the message was identified and quarantined.
Actually, I'm quite glad to have been emailed a virus, since most of my
friends do keep their systems clean, so it's always good to know that
the scanner is even alive (aside from the regular emails where it tells
me it updated itself)
So, for anyone curious as to a name to give to that ".jpg" file:
[This warning message is *not* being sent to the apparent originator
of the original message. This address appears to be that of a
mailing list or other automated email system.]
The virus was reported to be:
JS/Petch.A.dropper
--
Scott Taylor - <security@...underground.com>
vuja de:
The feeling that you've *never*, *ever* been in this situation before.
Powered by blists - more mailing lists