Full Disclosure mailing list archives
Re: SV: JPEG GDI+ (MS04-028) Exploit @ http://home.zccn.net/mm2004
From: "Willem Koenings" <isec () europe com>
Date: Sat, 09 Oct 2004 08:48:42 -0500
hi,
Hex verified its hxxp://home.zccn.net/mm2004/mu/nc.jpg with payload @ hxxp://home.zccn.net/mm2004/mu/msmsgs.exe infected by netsnake.h trojan (http://www.google.com.sg/search?hl=en&q=netsnake.h)Indeed. The malware, refered to in the jpg-exploit, was hosted as "msmsgs.exe" (Netsnake-H) and has now been removed, so infection from that specific URL, is no longer a threat.
i wouldn't say so: \wget -vv home.zccn.net/mm2004/mu/msmsgs.exe --16:45:13-- http://home.zccn.net/mm2004/mu/msmsgs.exe => `msmsgs.exe' Resolving home.zccn.net... 218.89.171.197 Connecting to home.zccn.net[218.89.171.197]:80... connected. HTTP request sent, awaiting response... 200 OK Length: 58,280 [application/octet-stream] 100%[====================================>] 58,280 6.85K/s ETA 00:00 16:45:24 (6.85 KB/s) - `msmsgs.exe' saved [58280/58280] msmsgs.exe infected: Backdoor.Netsnake.h all the best, W. -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: SV: JPEG GDI+ (MS04-028) Exploit @ http://home.zccn.net/mm2004 Willem Koenings (Oct 09)
- SV: SV: JPEG GDI+ (MS04-028) Exploit @ http://home.zccn.net/mm2004 Peter Kruse (Oct 09)