Full Disclosure mailing list archives
RE: one new trojan
From: Jelmer <jkuperus () planet nl>
Date: Sat, 24 Jul 2004 21:02:23 +0200
It abuses the "MSIE JVM bytecode verifier" bug found by LSD in 2002 http://lsd-pl.net/vulnerabilities.html Patched by http://www.microsoft.com/technet/security/bulletin/MS03-011.mspx -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Willem Koenings Sent: zaterdag 24 juli 2004 19:14 To: full-disclosure () lists netsys com Subject: [Full-disclosure] one new trojan hi, today i encountered one new trojan : web.exe / services.exe, arrives in arc.zip and is executed via java. kaspersky doesn't identify this one yet. web exe is placed to the root dir, then copied as services.exe to the SystemRoot\inetg if anyone is curious to play with it : http://conyc.com/galleryg/arc.zip starter script is here: http://conyc.com/galleryg/starter.html willem. -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- one new trojan Willem Koenings (Jul 24)
- Re: one new trojan Filbert (Jul 24)
- RE: one new trojan Jelmer (Jul 24)
- <Possible follow-ups>
- re: one new trojan Willem Koenings (Jul 24)
- Re: one new trojan Filbert (Jul 24)
- Re: one new trojan Ben Lambrey (Jul 25)
- Re: one new trojan Abilash Praveen M (Jul 27)