Message-ID: <000601c471b0$c42d6a70$3200000a@alex>
From: jkuperus at planet.nl (Jelmer)
Subject: one new trojan
It abuses the "MSIE JVM bytecode verifier" bug found by LSD in 2002
http://lsd-pl.net/vulnerabilities.html
Patched by
http://www.microsoft.com/technet/security/bulletin/MS03-011.mspx
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Willem Koenings
Sent: Saturday 24 July 2004 19:14
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] one new trojan
hi,
today i encountered one new trojan : web.exe / services.exe,
arrives in arc.zip and is executed via java. kaspersky
doesn't identify this one yet. web.exe is placed to the root
dir, then copied as services.exe to the SystemRoot\inetg
if anyone is curious to play with it :
http://conyc.com/galleryg/arc.zip
starter script is here:
http://conyc.com/galleryg/starter.html
willem.