Message-ID: <3dc922c30512280949w946df3fw3e81341551421cc4@mail.gmail.com>
Date: Wed Dec 28 17:50:02 2005
From: ostiguy at gmail.com (Matt Ostiguy)
Subject: test this
McAfee's 4661 (released today) DAT recognizes it as Exploit-WMF.
On 12/28/05, Peter Bruderer <brudy@...derer-research.com> wrote:
>
> Hi there
>
> Using a previously unknown hole in Windows, an exploit was discovered
> which infects a PC with spyware and trojans. The PC is infected using a
> manipulated picture in the WMF format.
>
> Only Symantec found a trojan downloader. Other AV scanners found the
> downloaded code, but did not recognize the actual downloader.
>
> (http://www.heise.de/security/news/meldung/67794 for the German
> speaking)
>
> More info:
> http://www.f-secure.com/weblog/archives/archive-122005.html#00000752
> http://isc.sans.org/diary.php?storyid=972
>
> My scanners (McAfee, Kaspersky, Clam) did not find anything.
>
>
>
>
> On Wed, 2005-12-28 at 08:39 -0800, D B wrote:
> > could the uber geeks who do spyware check the
> > attachment for me ??
> >
> > do not click this URL if in windows ... possible
> > malware
> >
> > it is obtained from
> > http://www.cabbage-soup-diet.com/negative-calorie.html
> >
> >
> > GF has countless popups after visiting this site and
> > scanning with several different scanners isn't finding
> > the source
>
> --
> Peter Bruderer
> Bruderer Research GmbH
>
> phone +41 52 620 26 53
> www.brg.ch
>
> peter.bruderer@....ch
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>