Penetration Testing mailing list archives
Re: Suspecious JPEG Files
From: "Jamie Riden" <jamie.riden () gmail com>
Date: Tue, 12 Feb 2008 12:15:40 +0000
Hi all,

I've used cwsandbox with executable files, but I'm not sure if it would do anything with e.g. a JPEG with a buffer overflow exploit within. Can someone confirm this?

cheers,
Jamie

On 08/02/2008, tclahr () br ibm com <tclahr () br ibm com> wrote:
> http://www.cwsandbox.org/
>
> upload your file over there and see the results... it runs a lot of stuff, including filemon, AVs, regmon... etc
>
> Obrigado / Regards
>
> /*
>  * Thiago Canozzo Lahr; CEH; LPIC-1;
>  * Vulnerability Assessment Specialist;
>  * IBM ITDelivery Brazil - Security & Risk Management;
>  * Phone: +55 19 2132-7091;
>  */
>
> From: "Jamie Riden" <jamie.riden () gmail com>
> To: "poddima () yahoo com" <poddima () yahoo com>
> Cc: pen-test () securityfocus com
> Date: 06/02/2008 18:21
> Subject: Re: Suspecious JPEG Files
>
> On 1 Feb 2008 17:09:24 -0000, poddima () yahoo com <poddima () yahoo com> wrote:
>> Hello, I received via e-mail two JPEG files, one of them was not opened properly (Default error message was displayed on the Windows Picture Viewer).
>> The sender is known to me, and I suspect he was trying to attack my computer (I received also an infected executable file from him just a short time before, and I didn't open it).
>> If anyone is interested in trying to analyse the files, I'd be mostly grateful. Please contact me and I will send you the files.
>
> Try submitting to www.virustotal.com - they will run 32 different AV engines against them.
>
> You can send them to me if you like - only gmail will screen them out if it detects a virus. Still, that would be an answer to your question :)
>
> (Have you verified that they are in fact JPEGs and not some other image format?)
--
Jamie Riden / jamesr () europe com / jamie () honeynet org uk
UK Honeynet Project: http://www.ukhoneynet.org/
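The question raised in the thread, whether the files are in fact JPEGs, can be answered from the file content rather than the extension. The following is an added example, not part of the original thread: it identifies the format by magic bytes and walks the JPEG segment structure; the function names, finding strings and `SAMPLE` bytes are constructed for illustration.

```python
import struct

# Leading magic bytes of formats that often arrive renamed to .jpg
SIGNATURES = [(b"\xff\xd8\xff", "jpeg"), (b"\x89PNG\r\n\x1a\n", "png"),
              (b"GIF8", "gif"), (b"BM", "bmp"), (b"MZ", "pe-executable")]
# Bytes that may follow 0xFF inside scan data without starting a segment:
# stuffed zero, fill byte, and restart markers RST0-RST7
IN_SCAN = {0x00, 0xFF} | set(range(0xD0, 0xD8))

def sniff(data):
    """Name the format by content, ignoring the file extension."""
    for magic, name in SIGNATURES:
        if data.startswith(magic):
            return name
    return "unknown"

def check_jpeg(data):
    """Walk JPEG segments; return a list of findings (empty = well-formed)."""
    kind = sniff(data)
    if kind != "jpeg":
        return [f"content is {kind}, not jpeg"]
    pos, n = 2, len(data)                      # start after SOI (FF D8)
    while pos + 2 <= n:
        if data[pos] != 0xFF:
            return [f"no segment marker at offset {pos}"]
        marker = data[pos + 1]
        if marker == 0xFF:                     # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:                     # EOI: image ends here
            extra = n - (pos + 2)
            return [f"{extra} bytes after EOI"] if extra else []
        if pos + 4 > n:
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2:                         # length field counts itself
            return [f"marker 0x{marker:02x} at offset {pos}: length {length} < 2"]
        if pos + 2 + length > n:
            return [f"marker 0x{marker:02x} at offset {pos}: runs past end of file"]
        pos += 2 + length
        if marker == 0xDA:                     # SOS: skip entropy-coded data
            while pos + 1 < n and not (data[pos] == 0xFF and data[pos + 1] not in IN_SCAN):
                pos += 1
    return ["truncated: no EOI marker"]

# Constructed sample: SOI, APP0 (JFIF), SOS header, 4 scan bytes, EOI
SAMPLE = (b"\xff\xd8\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + bytes(9)
          + b"\xff\xda" + struct.pack(">H", 4) + b"\x00\x00"
          + b"\x12\xff\x00\x34" + b"\xff\xd9")

if __name__ == "__main__":
    for blob in (SAMPLE, SAMPLE + b"MZ\x90\x00", b"MZ\x90\x00", SAMPLE[:-2]):
        print(check_jpeg(blob) or "well-formed")
```

Findings are triage hints rather than verdicts: some benign files carry data after EOI, and a structurally clean file can still be malicious, so this complements the AV and sandbox submissions suggested in the thread.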