Full Disclosure mailing list archives

RE: one new trojan


From: Jelmer <jkuperus () planet nl>
Date: Sat, 24 Jul 2004 21:02:23 +0200

It abuses the "MSIE JVM bytecode verifier" bug found by LSD in 2002

http://lsd-pl.net/vulnerabilities.html

Patched by

http://www.microsoft.com/technet/security/bulletin/MS03-011.mspx

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Willem Koenings
Sent: Saturday 24 July 2004 19:14
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] one new trojan


hi,

today i encountered one new trojan : web.exe / services.exe,
arrives in arc.zip and is executed via java. kaspersky
doesn't identify this one yet. web exe is placed to the root
dir, then copied as services.exe to the SystemRoot\inetg

if anyone is curious to play with it :

http://conyc.com/galleryg/arc.zip

starter script is here:

http://conyc.com/galleryg/starter.html

willem.



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



