Message-ID: <b7bc1b1f0409281821578f00e1@mail.gmail.com>
From: uberguidoz at gmail.com (GuidoZ)
Subject: JPEG GDI

If anyone is interested in the files this GDI exploit downloaded from the
FTP file (mentioned in the Easynews txt; it's now down), I grabbed a copy.
Interesting indeed. I've also archived the Easynews write-ups and the
"infected" JPEG itself. It's not exactly a virus being that it doesn't
replicate or spread in any way, just a connect back which downloads some
trojan/irc-bot files. (List of files available on the Easynews.txt page.)

Email me off list for a link of it all.

--
Peace. ~G

On Tue, 28 Sep 2004 16:19:40 -0500, Todd Towles
<toddtowles@...okshires.com> wrote:
> This was sent out on FD this morning as a password protected ZIP file.
>
> I downloaded a copy via wget, both my proxy AV and my desktop AV were
> able to detect it as a MS04-028 exploit.
>
> The story was also posted to Slashdot.org last night
>
>
>
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Barrie
> Dempster
> Sent: Tuesday, September 28, 2004 3:16 PM
> To: Barry Fitzgerald
> Cc: str0ke@...w0rm.com; full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] JPEG GDI
>
> On Tue, 2004-09-28 at 19:56, Barry Fitzgerald wrote:
> > Yep - in fact I was reading this morning on http://isc.sans.org/ that
> > one was just found on an adult newsgroup.
> >
> > -Barry
>
> Indeed Barry, here's more information on that for you or others
> interested http://easynews.com/virus.html
>
> I know the file itself has already been posted to the list but this link
> gives some preliminary analysis of it too, which shows it as a trojan
> infection vector and not really a virus in the traditional sense.
>
> --
> Barrie Dempster (zeedo) - Fortiter et Strenue
>
> http://www.bsrf.org.uk
>
> [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]