lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <1075590725.13432.1037.camel@localhost>
From: dan at losangelescomputerhelp.com (Daniel H. Renner)
Subject: [Fwd: Re: another Trojan with the ADO hole? + a
	twist in the story]

Ergh - the http://207.46.110.24/gateway/gateway.dll? address is only a
MSN MSGR site - sorry.

Dan

-----Forwarded Message-----

From: Paul Schmehl <pauls@...allas.edu>
To: Gadi Evron <ge@...tistical.reprehensible.net>, bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] another Trojan with the ADO hole? + a twist in the story
Date: 31 Jan 2004 14:24:21 -0600

--On Saturday, January 31, 2004 7:35 PM +0200 Gadi Evron 
<ge@...tistical.reprehensible.net> wrote:

> The past Trojan horses which spread this way took advantage of the fact
> web servers send an HTML 404 message if a file doesn't exist.
>
> The original sample - britney.jpg - was simply an html file itself, and
> using that fact, and IE loading it. It was combined with one of the
> latest exploits of the time (I don't think MS patched it yet), and
> downloaded the Trojan horses.
>
> This time around there is actually a picture on the web page, of a real
> honest to God girl. But in another frame.. the same story all over again.
>
> For blocking purposes, the (un-safe) URL is: http://ut.uk.to/cs.jpg .

Didn't work on my Titanium using Safari.  The girl 
was....uh....well-endowed.  :-)

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ