
RE: [Full-Disclosure] one new trojan



It abuses the "MSIE JVM bytecode verifier" bug found by LSD in 2002

http://lsd-pl.net/vulnerabilities.html

Patched by

http://www.microsoft.com/technet/security/bulletin/MS03-011.mspx

-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Willem Koenings
Sent: Saturday 24 July 2004 19:14
To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] one new trojan


hi,

today i encountered one new trojan : web.exe / services.exe,
arrives in arc.zip and is executed via java. kaspersky
doesn't identify this one yet. web.exe is placed to the root
dir, then copied as services.exe to the SystemRoot\inetg

if anyone is curious to play with it :

http://conyc.com/galleryg/arc.zip

starter script is here:

http://conyc.com/galleryg/starter.html

willem.



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

