From: uberguidoz at gmail.com (GuidoZ)
Subject: RE: Full-Disclosure digest, Vol 1 #1955 - 19 msgs

> Didn't mean to have you apologize, it did its job. It showed
> that I was not vulnerable. I just found it interesting that my
> AV called it something that could not be found through search.

No worries Randall. =) I really should have warned about the possible AV warnings, as some might not understand what's actually going on. (I've gotten a few emails like "Ha! My antivirus stopped your ploy to infect me".) =P

I can't explain it much better than I have. I figured that most people on this list would understand what was REALLY happening, but I should plan for as many scenarios as possible. This includes those that wouldn't understand what the virus warnings mean.

Thanks for your clarification though Randall. Appreciate it. ;)

--
Peace. ~G

On Thu, 7 Oct 2004 06:02:02 -0500, RandallM <randallm@...mail.com> wrote:
> GuidoZ
> Didn't mean to have you apologize, it did its job. It showed
> that I was not vulnerable. I just found it interesting that my
> AV called it something that could not be found through search.
>
> thank you
> Randall M
>
> > -----Original Message-----
> > From: GuidoZ [mailto:uberguidoz@...il.com]
> > Sent: Thursday, October 07, 2004 1:16 AM
> > To: RandallM
> > Cc: full-disclosure@...ts.netsys.com
> > Subject: Re: [Full-Disclosure] RE: Full-Disclosure digest, Vol 1 #1955 - 19 msgs
> >
> > It might be detected as Trojan.Moo or any other variant of
> > the JPEG exploit. As I said, it attempts to exploit the
> > system to see if it's vulnerable, using an "infected" JPG.
> > The file I provided is simply a SFX with a batch file and
> > the "infected" JPG (named exploit.bak). No attempt has been
> > made at all to mask what's inside.
> >
> > I figured those that would want to use it would either not
> > worry about the virus warnings, or not get them at all and
> > REALLY need the fix it helps provide. =) Email me at the
> > address provided in my original email (exploit _AT_ guidoz
> > _DOT_ com) and I'll provide a link to the batch files and
> > such so you may modify them as you wish.
> >
> > Sorry for any confusion with the AV. I should have warned
> > about that in the original email. (Others have written me
> > asking the same question.) I only provided it to possibly
> > help others who have lots of friends asking them for help to
> > patch their systems. This simply sees if they are
> > vulnerable, then leads them through the steps to patch the
> > system if they are. (You may have to tell them to ignore AV
> > warnings, or disable the AV scanner. Again, I urge you to
> > test this on a NON-PRODUCTION machine first. See what it
> > contains, read the batch files, see what it downloads, etc.)
> >
> > Please feel free to ask me any questions. Hope it helps someone else.
> >
> > --
> > Peace. ~G
> >
> >
> > On Wed, 6 Oct 2004 20:59:28 -0500, RandallM <randallm@...mail.com> wrote:
> > >
> > > > --__--__--
> > > >
> > > > Message: 14
> > > > Date: Wed, 6 Oct 2004 15:53:32 -0700
> > > > From: GuidoZ <uberguidoz@...il.com>
> > > > Reply-To: GuidoZ <uberguidoz@...il.com>
> > > > To: full-disclosure@...ts.netsys.com
> > > > Subject: [Full-Disclosure] Quick JPEG/GDI test & fix (timesaver)
> > > >
> > > > Hello list,
> > > >
> > > > I wrote a very simple program/batch file that tests for the JPEG
> > > > exploit, then if affected, provides instructions on how to patch the
> > > > exploit. It has been tested on my own lil happy lab network, as well
> > > > as on one network where I'm a sysadmin. (Tested on Windows XP Home
> > > > and Pro, SP1a and SP2.)
> > > >
> > > > It DOES test for the exploit by attempting to use an "infected" JPG
> > > > which downloads the instructions for fixing it, if exploited. By
> > > > viewing the strings in the JPG, you can see the file it downloads and
> > > > check it out for yourself. It's clean. =) Just contains a batch file
> > > > and a program to launch the batch file. (The file that gets
> > > > downloaded is a simple SFX.) Links are below. It contains a
> > > > warning saying it's about to try to exploit the system and to save
> > > > data in open programs. (It also warns that Explorer may crash.)
> > > >
> > > > I wrote this merely to save myself time and allow friends/family to
> > > > test their own systems, then patch them without having to call me for
> > > > help. It's not been tested in every environment and in every scenario.
> > > > If you find a problem, feel free to email me (exploit _AT_ guidoz
> > > > _DOT_ com) Obviously I'm not responsible if it's abused somehow,
> > > > or if it breaks something, etc. Feel free to modify it to suit your
> > > > own needs, but use it at your own risk.
> > > >
> > > > Test can be downloaded from here:
> > > > http://www.guidoz.com/exploit-test.exe
> > > >
> > > > Again, it's just an SFX archive with a batch file. Hopefully it
> > > > will save someone else some time. I've used it to have
> > > > friends/family (and a few clients) patch a total of
> > > > around 30 machines without problems.
> > > >
> > > > --
> > > > Peace. ~G
> > > >
> > > >
> > > > --__--__--
> > > >
> > > > End of Full-Disclosure Digest
> > > >
> > >
> > > Well, guess I'm safe. McAfee saw it as "Exploit-MntRedir.gen" and said...NO!
> > > I googled it and it found nothing though. Thought it would at least
> > > lead me to McAfee. McAfee search said:
> > >
> > > "We found no records matching the following criteria:
> > > Virus name containing "MntRedir.gen".
> > > Please try narrowing your search by using fewer characters".
> > >
> > > What gives?
> > >
> > > thank you
> > > Randall M
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.netsys.com/full-disclosure-charter.html
> > >
> >
>
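The thread above tests for the JPEG/GDI+ flaw by actually feeding a crafted JPG to the parser, which is why AV products flag the tester. The static alternative a defender would reach for is to inspect the file structure before it ever reaches an image parser. The following is an added example, not GuidoZ's tool and not code from the thread: a small marker-segment walker that flags the condition behind the September 2004 GDI+ bug (MS04-028), a comment (COM, 0xFFFE) segment whose 16-bit length field is 0 or 1, i.e. smaller than the two bytes of the length field itself. The two sample files are constructed inline (a minimal header with a valid two-byte comment, and the same header with a zero-length COM segment); the helper names are this example's own.

```python
"""Walk JPEG marker segments and flag COM segments whose declared length is
below 2 (the MS04-028 condition). Added example; sample files are constructed."""
import struct

EOI = 0xD9   # end of image
SOS = 0xDA   # start of scan: entropy-coded data follows, stop walking
COM = 0xFE   # comment segment
# Markers that carry no length field: SOI, EOI, TEM, RST0..RST7.
STANDALONE = {0xD8, 0xD9, 0x01} | set(range(0xD0, 0xD8))


def walk_segments(data):
    """Yield (marker, length, offset) for each segment in order.

    length is None for standalone markers. Walking stops at SOS, at EOI,
    or at the first segment whose length field cannot be trusted.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker byte at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:           # fill byte, skip it
            pos += 1
            continue
        if marker in STANDALONE:
            yield marker, None, pos
            if marker == EOI:
                return
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError(f"truncated segment header at offset {pos}")
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        yield marker, length, pos
        if marker == SOS:
            return
        if length < 2:
            # The length counts its own two bytes; anything smaller is
            # malformed and an unpatched parser would underflow on it.
            return
        pos += 2 + length


def find_bad_com_segments(data):
    """Return offsets of COM segments whose length field is 0 or 1."""
    return [off for marker, length, off in walk_segments(data)
            if marker == COM and length is not None and length < 2]


def _seg(marker, payload):
    """Build a well-formed segment: FF, marker, big-endian length, payload."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed minimal headers: SOI, a 14-byte JFIF APP0 payload, then EOI.
_APP0 = _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
GOOD_JPEG = b"\xff\xd8" + _APP0 + _seg(COM, b"hi") + b"\xff\xd9"
# Same header, but the COM length field is 0x0000 instead of >= 2.
BAD_JPEG = b"\xff\xd8" + _APP0 + b"\xff\xfe\x00\x00" + b"\xff\xd9"

if __name__ == "__main__":
    for name, blob in (("good", GOOD_JPEG), ("bad", BAD_JPEG)):
        print(name, "bad COM segments at offsets:", find_bad_com_segments(blob))
```

The walker deliberately stops at the first untrustworthy length instead of trying to resynchronise, so a flagged file is reported rather than half-parsed. Finding a bad segment says a file is malformed in the way the patched parser rejects; it does not tell you whether a given machine is patched, which is what the batch-file tester in the thread is for.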