[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GDI Virus in the wild.

To: ben@xxxxxxxxxxxx
Subject: Re: GDI Virus in the wild.
From: Gerry Eisenhaur <GEisenhaur@xxxxxxxxx>
Date: Mon, 27 Sep 2004 15:45:10 -0400

It's not a virus, just a connect back (82.1.163.241:55000) cmd shell exploit.

/gerry

Ben wrote:

Allo,

There is now a GDI+ jpeg exploiting virus in the wild.  It was posted
on  Mon, 27 Sep 2004 01:25:52 GMT via NNTP to multiple news groups by a
single person.

See the following for details:
http://www.easynews.com/virus.txt

You can see the virus here:
http://easynews.com/test/possiblevirus.jpg.gz

- IsolationX


--
Gerald Eisenhaur
Cisco Systems, Inc.
1414 Massachusetts Ave.
Boxborough, Massachusetts 01719
voice:  978.936.0465
geisenhaur@xxxxxxxxx

Follow-Ups:
- Re: GDI Virus in the wild.
  - From: GuidoZ

References:
- GDI Virus in the wild.
  - From: Ben

Prev by Date: Re: New whitepaper "The Phishing Guide"
Next by Date: Re: Microsoft's GDI Detetection Tool faults
Previous by thread: GDI Virus in the wild.
Next by thread: Re: GDI Virus in the wild.
Index(es):
- Date
- Thread