lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <401BE74A.3000109@egotistical.reprehensible.net>
From: ge at egotistical.reprehensible.net (Gadi Evron)
Subject: another Trojan with the ADO hole? + a twist in the story

The past Trojan horses which spread this way took advantage of the fact 
web servers send an HTML 404 message if a file doesn't exist.

The original sample - britney.jpg - was simply an html file itself, and 
using that fact, and IE loading it. It was combined with one of the 
latest exploits of the time (I don't think MS patched it yet), and 
downloaded the Trojan horses.

This time around there is actually a picture on the web page, of a real 
honest to God girl. But in another frame.. the same story all over again.

For blocking purposes, the (un-safe) URL is: http://ut.uk.to/cs.jpg .

     Gadi Evron.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ