| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.GSO.4.43.0403250951590.28485-100000@tundra.winternet.com>
From: dufresne at winternet.com (Ron DuFresne)
Subject: New exploit now circulating?
text, the mailing list supports text, not html, not rtf, please, fix your
mailers, ten lines of trash to reach two lines of content?!;
@font-face { font-family: Tahoma; } @page Section1 {size: 8.5in 11.0in;
margin: 1.0in 1.25in 1.0in 1.25in; } P.MsoNormal { FONT-SIZE: 12pt;
MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman" } LI.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman" }
DIV.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times
New Roman" } A:link { COLOR: blue; TEXT-DECORATION: underline }
SPAN.MsoHyperlink { COLOR: blue; TEXT-DECORATION: underline } A:visited {
COLOR: blue; TEXT-DECORATION: underline } SPAN.MsoHyperlinkFollowed {
COLOR: blue; TEXT-DECORATION: underline } P { FONT-SIZE: 12pt;
MARGIN-LEFT: 0in; MARGIN-RIGHT: 0in; FONT-FAMILY: "Times New Roman";
mso-margin-top-alt: auto; mso-margin-bottom-alt: auto } SPAN.EmailStyle17
{ COLOR: navy; FONT-FAMILY: Arial; mso-style-type: personal-reply }
DIV.Section1 { page: Section1 } I'm also curious if it changes between
sources or if it's something that can be blocked at a firewall?
Yuk,
Ron DuFresne
On Wed, 24 Mar 2004 PNIXON@...somerville.ma.us wrote:
> I'm also curious if it changes between sources or if it's something that can
> be blocked at a firewall?
>
> -----Original Message-----
> From: Kristian Hermansen [mailto:khermansen@...technology.com]
> Sent: Wednesday, March 24, 2004 3:06 PM
> To: full-disclosure@...ts.netsys.com; jherm@...kass.com
> Subject: [Full-Disclosure] New exploit now circulating?
>
>
>
> It looks like the new iFrame exploit is making the rounds, so has anyone
> analyzed the payload yet (see below)? Or is this just the new Netsky.P? Is
> it linking to a local file or within the email itself? What's going on here
> or did I miss something?
>
>
>
> cid:031401Mfdab4$3f3dL780$73387018@...81fa70Re
>
>
>
> What is this link when deciphered?
>
>
>
> Kristian Hermansen
> khermansen@...technology.com
>
>
> _____
>
>
> From: hobknob@...eyard.net [mailto:hobknob@...eyard.net]
> Sent: Wednesday, March 24, 2004 2:35 PM
> To: webmaster@...otoys.com
> Subject: Mail Delivery (failure webmaster@...otoys.com)
>
>
>
> If the message will not displayed automatically,
> follow the link to read the delivered message.
>
> Received message is available at:
> www.zerotoys.com/inbox/webmaster/read.php?sessionid-797
>
>
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
Powered by blists - more mailing lists