RE: New exploit now circulating?

[Ron DuFresne <dufresne () winternet com>]

text, the mailing list supports text, not html, not rtf, please, fix your
mailers, ten lines of trash to reach two lines of content?!;

@font-face { font-family: Tahoma; } @page Section1 {size: 8.5in 11.0in;
margin: 1.0in 1.25in 1.0in 1.25in; } P.MsoNormal { FONT-SIZE: 12pt;
MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman" } LI.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman" }
DIV.MsoNormal { FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times
New Roman" } A:link { COLOR: blue; TEXT-DECORATION: underline }
SPAN.MsoHyperlink { COLOR: blue; TEXT-DECORATION: underline } A:visited {
COLOR: blue; TEXT-DECORATION: underline } SPAN.MsoHyperlinkFollowed {
COLOR: blue; TEXT-DECORATION: underline } P { FONT-SIZE: 12pt;
MARGIN-LEFT: 0in; MARGIN-RIGHT: 0in; FONT-FAMILY: "Times New Roman";
mso-margin-top-alt: auto; mso-margin-bottom-alt: auto } SPAN.EmailStyle17
{ COLOR: navy; FONT-FAMILY: Arial; mso-style-type: personal-reply }
DIV.Section1 { page: Section1 } I'm also curious if it changes between
sources or if it's something that can be blocked at a firewall?


Yuk,

Ron DuFresne

On Wed, 24 Mar 2004 PNIXON () ci somerville ma us wrote:

> I'm also curious if it changes between sources or if it's something that can
> be blocked at a firewall?
>
> -----Original Message-----
> From: Kristian Hermansen [mailto:khermansen () ht-technology com]
> Sent: Wednesday, March 24, 2004 3:06 PM
> To: full-disclosure () lists netsys com; jherm () punkass com
> Subject: [Full-disclosure] New exploit now circulating?
>
>
>
> It looks like the new iFrame exploit is making the rounds, so has anyone
> analyzed the payload yet (see below)?  Or is this just the new Netsky.P?  Is
> it linking to a local file or within the email itself?  What's going on here
> or did I miss something?
>
>
>
> cid:031401Mfdab4$3f3dL780$73387018@57W81fa70Re
>
>
>
> What is this link when deciphered?
>
>
>
> Kristian Hermansen
> khermansen () ht-technology com
>
>
>   _____
>
>
> From: hobknob () vineyard net [mailto:hobknob () vineyard net]
> Sent: Wednesday, March 24, 2004 2:35 PM
> To: webmaster () zerotoys com
> Subject: Mail Delivery (failure webmaster () zerotoys com)
>
>
>
> If the message will not displayed automatically,
> follow the link to read the delivered message.
>
> Received message is available at:
> www.zerotoys.com/inbox/webmaster/read.php?sessionid-797

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html