Full Disclosure mailing list archives
JPEG GDI+ (MS04-028) Exploit at http://www.splitinfinity.info
From: bowwow () nowhere org
Date: Mon, 11 Oct 2004 17:02:15 +0800
Gosh.....our Snort oinking another one @ hxxp://www.splitinfinity.info/fa/blok.jpg with payload @ hxxp://www.splitinfinity.info/fa/blok.jpg/fa/aga.exe . Here are the scan results from http://www.virustotal.com :

=============
This is the report of the scanning done over "aga.exe" file that VirusTotal processed on 10/11/2004 at 10:42:52.

Antivirus     Version          Update      Result
BitDefender   7.0              10.09.2004  -
ClamWin       devel-20040922   10.10.2004  -
eTrust-Iris   7.1.194.0        10.10.2004  -
F-Prot        3.15b            10.09.2004  -
Kaspersky     4.0.2.24         10.11.2004  TrojanDownloader.Win32.Small.oh
McAfee        4397             10.06.2004  -
NOD32v2       1.890            10.10.2004  unpack error
Norman        5.70.10          10.07.2004  W32/Downloader
Panda         7.02.00          10.10.2004  -
Sybari        7.5.1314         10.11.2004  TrojanDownloader.Win32.Small.oh
Symantec      8.0              10.10.2004  -
TrendMicro    7.000            10.10.2004  -
=============

Hmmm.....not much info on this TrojanDownloader.Win32.Small.oh , any taker wanna dissect it? :)

Btw thx to Peter Kruse & Willem Koenings of the [Full-Disclosure] list for giving more details on Backdoor.Netsnake.h .

Cheers,
bowwow

On Sat, 09 Oct 2004 09:10:22 +0800 , bowwow wrote:
Got this from company network on Snort oinking "WEB-CLIENT JPEG parser heap overflow attempt" (http://www.snort.org/snort-db/sid.html?sid=1-2705). Hex verified it's hxxp://home.zccn.net/mm2004/mu/nc.jpg with payload @ hxxp://home.zccn.net/mm2004/mu/msmsgs.exe infected by netsnake.h trojan (http://www.google.com.sg/search?hl=en&q=netsnake.h)
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
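The Snort alert named in the thread fires on the MS04-028 condition: a JPEG marker segment (typically the COM marker, 0xFFFE) whose 16-bit length field is 0 or 1, which the vulnerable GDI+ parser subtracts 2 from and underflows. The following is an added, stand-alone triage script (not from the post or from Snort) that walks a captured .jpg's marker segments and flags any such segment, so a file pulled from a proxy cache can be checked offline; the two sample byte strings are constructed test inputs, not the files mentioned above.

```python
import struct

# Constructed samples: SOI, one COM segment, EOI. The first has a COM length
# field of 0 (the MS04-028 trigger condition); the second is well-formed.
MALFORMED_JPEG = bytes.fromhex("ffd8" "fffe0000" "41424344" "ffd9")
BENIGN_JPEG = bytes.fromhex("ffd8" "fffe0006" "41424344" "ffd9")

# Markers that carry no length field: SOI, EOI, TEM, RST0..RST7
STANDALONE = {0xD8, 0xD9, 0x01} | set(range(0xD0, 0xD8))


def scan_jpeg_segments(data: bytes):
    """Walk the JPEG marker segments up to SOS and return a list of
    (marker, length, offset) tuples for every segment whose length field
    is below the 2-byte minimum (the length includes itself)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    findings = []
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            break                      # not at a marker; stop structural walk
        marker = data[pos + 1]
        if marker == 0xFF:             # fill byte, skip it
            pos += 1
            continue
        if marker in STANDALONE:
            if marker == 0xD9:         # EOI: done
                break
            pos += 2
            continue
        if pos + 4 > len(data):        # truncated length field
            findings.append((marker, None, pos))
            break
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if length < 2:
            # A parser computing length - 2 underflows here; flag and stop,
            # since there is no safe way to advance past this segment.
            findings.append((marker, length, pos))
            break
        pos += 2 + length
        if marker == 0xDA:             # SOS: entropy-coded data follows
            break
    return findings


def is_suspicious(data: bytes) -> bool:
    """True if any marker segment has an undersized length field."""
    return bool(scan_jpeg_segments(data))
```

The script only checks segment structure; it does not prove a file carries a working payload, so a hit should be followed by the hex review and sandboxing the post describes.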