[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GDI Virus in the wild.

To: Gerry Eisenhaur <geisenhaur@xxxxxxxxx>
Subject: Re: GDI Virus in the wild.
From: GuidoZ <uberguidoz@xxxxxxxxx>
Date: Tue, 28 Sep 2004 12:18:04 -0700

The FTP site that was hosting the files was taken down. If anyone
would like to take a peek at the files used (for educational purposes
only of course), let me know off list. I grabbed a copy.

I'd also have to agree with Gerry. This doesn't replicate or spread
once executed - it just exploits the local machine, installing a
trojan/irc-bot, then connecting back. Still the first of it's kind
that I'd seen.

--
Peace. ~G

On Mon, 27 Sep 2004 15:45:10 -0400, Gerry Eisenhaur
<geisenhaur@xxxxxxxxx> wrote:
> It's not a virus, just a connect back (82.1.163.241:55000) cmd shell
> exploit.
> 
> /gerry
> 
> Ben wrote:
> > Allo,
> >
> > There is now a GDI+ jpeg exploiting virus in the wild.  It was posted
> > on  Mon, 27 Sep 2004 01:25:52 GMT via NNTP to multiple news groups by a
> > single person.
> >
> > See the following for details:
> > http://www.easynews.com/virus.txt
> >
> > You can see the virus here:
> > http://easynews.com/test/possiblevirus.jpg.gz
> >
> >
> > - IsolationX
> >
> >
> 
> --
> Gerald Eisenhaur
> Cisco Systems, Inc.
> 1414 Massachusetts Ave.
> Boxborough, Massachusetts 01719
> voice:  978.936.0465
> geisenhaur@xxxxxxxxx

References:
- GDI Virus in the wild.
  - From: Ben
- Re: GDI Virus in the wild.
  - From: Gerry Eisenhaur

Prev by Date: Re: Diebold Global Election Management System (GEMS) Backdoor Account Allows Authenticated Users to Modify Votes
Next by Date: Multiple XSS Vulnerabilities in Wordpress 1.2
Previous by thread: Re: GDI Virus in the wild.
Next by thread: [SECURITY] [DSA 554-1] New sendmail packages fix potential open relay
Index(es):
- Date
- Thread