[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] JPG worm!

To: bipin gautam <visitbipin@xxxxxxxxx>
Subject: Re: [Full-Disclosure] JPG worm!
From: Aaron Horst <anthrax101@xxxxxxxxx>
Date: Mon, 20 Sep 2004 17:59:30 -0400

Interesting. It would appear to not be a JPEG worm, but rather to be
the regular old CHM exploits. The interesting thing about it is that
it simply calls a link that was posted to FD last week.

The JPG is simply HTML, which loads http://www.xf*s.com/msn/1.jpg into
the main page, with http://www.xf*s.com/msn/news.htm in an iframe.
(Note: Change * to 2, to protect the unpatched IE users). I'm not sure
why that would be processed...

However, news.htm was plugged by Nicolas Montoza <xonico@xxxxxxxxx> last week:
http://lists.netsys.com/pipermail/full-disclosure/2004-September/026475.html

AnthraX101

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] JPG worm!
  - From: Nicolas Montoza

References:
- [Full-Disclosure] JPG worm!
  - From: bipin gautam

Prev by Date: Re: [Full-Disclosure] Scandal: IT Security firm hires the author of Sasser worm
Next by Date: Re: [Full-Disclosure] Sick of stupid analogies
Previous by thread: [Full-Disclosure] JPG worm!
Next by thread: Re: [Full-Disclosure] JPG worm!
Index(es):
- Date
- Thread