Full Disclosure mailing list archives

RE: JPEG GDI

From: "Todd Towles" <toddtowles () brookshires com>
Date: Tue, 28 Sep 2004 16:19:40 -0500

This was sent out on FD this morning as a password protected ZIP file. 

I downloaded a copy via wget, both my proxy AV and my desktop AV were
able to detect it as a MS04-028 expolit.

The story was also posted to Slashdot.org last night

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Barrie
Dempster
Sent: Tuesday, September 28, 2004 3:16 PM
To: Barry Fitzgerald
Cc: str0ke () milw0rm com; full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] JPEG GDI

On Tue, 2004-09-28 at 19:56, Barry Fitzgerald wrote:

Yep - in fact I was reading this morning on http://isc.sans.org/ that 
one was just found on an adult newsgroup.

             -Barry


Indeed Barry, heres more information on that for you or others
interested http://easynews.com/virus.html

I know the file itself has already been posted to the list but this link
gives some preliminary analysis of if it too, which shows it as a trojan
infection vector and not really a virus in the traditional sense.

 
--
Barrie Dempster (zeedo) - Fortiter et Strenue

  http://www.bsrf.org.uk

[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

JPEG GDI str0ke (Sep 28)
- Re: JPEG GDI Barry Fitzgerald (Sep 28)
  - Re: JPEG GDI Barrie Dempster (Sep 28)
- <Possible follow-ups>
- RE: JPEG GDI Todd Towles (Sep 28)
  - Re: JPEG GDI GuidoZ (Sep 28)