
Re: [Full-Disclosure] JPEG GDI



If anyone is interested in the files this GDI exploit downloaded from
the FTP file (mentioned in the Easynews txt; it's now down), I grabbed
a copy. Interesting indeed. I've also archived the Easynews write-ups
and the "infected" JPEG itself. It's not exactly a virus being that it
doesn't replicate or spread in any way, just a connect back which
downloads some trojan/irc-bot files. (List of files available on the
Easynews.txt page.)

Email me off list for a link of it all.

--
Peace. ~G


On Tue, 28 Sep 2004 16:19:40 -0500, Todd Towles
<toddtowles@xxxxxxxxxxxxxxx> wrote:
> This was sent out on FD this morning as a password protected ZIP file.
> 
> I downloaded a copy via wget, both my proxy AV and my desktop AV were
> able to detect it as a MS04-028 exploit.
> 
> The story was also posted to Slashdot.org last night
> 
> 
> 
> -----Original Message-----
> From: full-disclosure-admin@xxxxxxxxxxxxxxxx
> [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Barrie
> Dempster
> Sent: Tuesday, September 28, 2004 3:16 PM
> To: Barry Fitzgerald
> Cc: str0ke@xxxxxxxxxxx; full-disclosure@xxxxxxxxxxxxxxxx
> Subject: Re: [Full-Disclosure] JPEG GDI
> 
> On Tue, 2004-09-28 at 19:56, Barry Fitzgerald wrote:
> > Yep - in fact I was reading this morning on http://isc.sans.org/ that
> > one was just found on an adult newsgroup.
> >
> >              -Barry
> 
> Indeed Barry, here's more information on that for you or others
> interested http://easynews.com/virus.html
> 
> I know the file itself has already been posted to the list but this link
> gives some preliminary analysis of it too, which shows it as a trojan
> infection vector and not really a virus in the traditional sense.
> 
> --
> Barrie Dempster (zeedo) - Fortiter et Strenue
> 
>   http://www.bsrf.org.uk
> 
> [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
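The thread relies on AV signatures to call the file an MS04-028 exploit. A quick structural check is possible without a signature, because the GDI+ bug that MS04-028 fixed is triggered by a JPEG comment (COM, 0xFFFE) segment whose 16-bit length field is less than 2: the field counts its own two bytes, so GDI+ subtracted 2 and underflowed. The script below is an added triage example, not code from the thread or from Easynews; it walks the marker segments of a JPEG and flags any COM segment with a declared length of 0 or 1. The sample files it runs on are constructed inline (a minimal JFIF header followed by a short COM segment) and are not the newsgroup JPEG.

```python
"""
Triage check for the MS04-028 trigger condition in a JPEG: a COM (0xFFFE)
segment whose 16-bit length field is < 2. Added example, not from the thread.
Sample inputs are constructed here and are not the real malicious file.
"""
import struct

EOI = 0xD9
SOS = 0xDA
COM = 0xFE
# Markers that carry no length field: TEM, RST0-7, SOI, EOI.
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))


def scan_jpeg_segments(data: bytes):
    """Return a list of (offset, marker, declared_length) up to SOS/EOI.

    declared_length is None for standalone markers. Scanning stops at the
    first COM segment with length < 2, since that length cannot be honoured
    (the field includes its own two bytes) and whatever follows is suspect.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    segments = []
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker byte at offset {pos}")
        # Any number of 0xFF fill bytes may precede a marker.
        while pos < len(data) and data[pos] == 0xFF:
            pos += 1
        if pos >= len(data):
            break
        marker = data[pos]
        pos += 1
        if marker in STANDALONE:
            segments.append((pos - 2, marker, None))
            if marker == EOI:
                break
            continue
        if pos + 2 > len(data):
            raise ValueError("truncated segment length field")
        length = struct.unpack(">H", data[pos:pos + 2])[0]
        segments.append((pos - 2, marker, length))
        if marker == SOS:
            break  # entropy-coded image data follows; header scan is done
        if length < 2:
            break  # malformed; do not advance by a bogus length
        pos += length
    return segments


def find_ms04028_com_segments(data: bytes):
    """Return [(offset, length)] for COM segments whose length field is < 2."""
    return [(off, ln) for off, marker, ln in scan_jpeg_segments(data)
            if marker == COM and ln is not None and ln < 2]


def is_suspicious_jpeg(data: bytes) -> bool:
    """True if the file carries the MS04-028 trigger condition."""
    return bool(find_ms04028_com_segments(data))


# Constructed samples (not real files): a minimal JFIF APP0 header, then
# either a normal comment or a comment with a length field of 1.
JFIF_APP0 = (b"\xff\xe0\x00\x10" + b"JFIF\x00" + b"\x01\x01" + b"\x00"
             + b"\x00\x01\x00\x01" + b"\x00\x00")
BENIGN = b"\xff\xd8" + JFIF_APP0 + b"\xff\xfe\x00\x07hello" + b"\xff\xd9"
MALFORMED = b"\xff\xd8" + JFIF_APP0 + b"\xff\xfe\x00\x01" + b"\x90" * 32

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("malformed", MALFORMED)):
        hits = find_ms04028_com_segments(sample)
        print(f"{name}: {'SUSPICIOUS ' + str(hits) if hits else 'ok'}")
```

Run it over a directory of inbound JPEGs (or the attachment itself) before opening anything in an unpatched viewer. A hit is a strong signal but not proof of a working payload, and a clean result only rules out this one trigger; it says nothing about other image-parser bugs.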