Full Disclosure mailing list archives

Re: irc.trojan.fgt - new variant.

From: Jelmer <jkuperus () planet nl>
Date: Thu, 06 Nov 2003 00:38:43 +0100

I guess It's a matter of time before someone hacks in a http server and makes it send out links like
http://victim ip/britney.jpg
Luckily microsoft patches stuff within 2 days, balmer said so so it must be true ;)

  ----- Original Message ----- 
  From: Tom Russell 
  To: full-disclosure () lists netsys com 
  Sent: Wednesday, November 05, 2003 9:46 PM
  Subject: [Full-disclosure] irc.trojan.fgt - new variant.

  Once again, another variant of irc.trojan.fgt is about.
  This one masquerades as a web page - jokes.html, and makes the unfortunate recipient say the following:

  <victim> http:// home.amis .net/krsve9/Pari/jokes.html lol :D

  (spaces added to URL to prevent accidental infection).

  The virus files are at the following location: http://kalleth.2tone-dev.com/fd/jokes-html.zip - DO NOT RUN THE 
EXECUTABLE AS IT IS THE VIRUS. DO NOT OPEN THE HTML PAGE IN INTERNET EXPLORER AS IT IS A VIRUS.
  </disclaimer>

  End of message.

Current thread:

irc.trojan.fgt - new variant. Tom Russell (Nov 05)
- Re: irc.trojan.fgt - new variant. Jelmer (Nov 05)
- <Possible follow-ups>
- RE: irc.trojan.fgt - new variant. ge (Nov 07)
  - Re: irc.trojan.fgt - new variant. Jelmer (Nov 07)
    - RE: irc.trojan.fgt - new variant. Gadi Evron (Nov 07)