From: uberguidoz at gmail.com (GuidoZ)
Subject: JPEG GDI

If anyone is interested in the files this GDI exploit downloaded from
the FTP file (mentioned in the Easynews txt; it's now down), I grabbed
a copy. Interesting indeed. I've also archived the Easynews write-ups
and the "infected" JPEG itself. It's not exactly a virus being that it
doesn't replicate or spread in any way, just a connect back which
downloads some trojan/irc-bot files. (List of files available on the
Easynews.txt page.)

Email me off list for a link of it all.

--
Peace. ~G


On Tue, 28 Sep 2004 16:19:40 -0500, Todd Towles
<toddtowles@...okshires.com> wrote:
> This was sent out on FD this morning as a password protected ZIP file.
> 
> I downloaded a copy via wget, both my proxy AV and my desktop AV were
> able to detect it as a MS04-028 exploit.
> 
> The story was also posted to Slashdot.org last night
> 
> 
> 
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Barrie
> Dempster
> Sent: Tuesday, September 28, 2004 3:16 PM
> To: Barry Fitzgerald
> Cc: str0ke@...w0rm.com; full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] JPEG GDI
> 
> On Tue, 2004-09-28 at 19:56, Barry Fitzgerald wrote:
> > Yep - in fact I was reading this morning on http://isc.sans.org/ that
> > one was just found on an adult newsgroup.
> >
> >              -Barry
> 
> Indeed Barry, here's more information on that for you or others
> interested http://easynews.com/virus.html
> 
> I know the file itself has already been posted to the list but this link
> gives some preliminary analysis of it too, which shows it as a trojan
> infection vector and not really a virus in the traditional sense.
> 
> --
> Barrie Dempster (zeedo) - Fortiter et Strenue
> 
>   http://www.bsrf.org.uk
> 
> [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]

