| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: dan at losangelescomputerhelp.com (Daniel H. Renner) Subject: [Fwd: Re: another Trojan with the ADO hole? + a twist in the story] Ergh - the http://207.46.110.24/gateway/gateway.dll? address is only a MSN MSGR site - sorry. Dan -----Forwarded Message----- From: Paul Schmehl <pauls@...allas.edu> To: Gadi Evron <ge@...tistical.reprehensible.net>, bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com Subject: Re: [Full-Disclosure] another Trojan with the ADO hole? + a twist in the story Date: 31 Jan 2004 14:24:21 -0600 --On Saturday, January 31, 2004 7:35 PM +0200 Gadi Evron <ge@...tistical.reprehensible.net> wrote: > The past Trojan horses which spread this way took advantage of the fact > web servers send an HTML 404 message if a file doesn't exist. > > The original sample - britney.jpg - was simply an html file itself, and > using that fact, and IE loading it. It was combined with one of the > latest exploits of the time (I don't think MS patched it yet), and > downloaded the Trojan horses. > > This time around there is actually a picture on the web page, of a real > honest to God girl. But in another frame.. the same story all over again. > > For blocking purposes, the (un-safe) URL is: http://ut.uk.to/cs.jpg . Didn't work on my Titanium using Safari. The girl was....uh....well-endowed. :-) Paul Schmehl (pauls@...allas.edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists