Full Disclosure mailing list archives
Re: JPG worm!
From: Aaron Horst <anthrax101 () gmail com>
Date: Mon, 20 Sep 2004 17:59:30 -0400
Interesting. It would appear to not be a JPEG worm, but rather to be the regular old CHM exploits. The interesting thing about it is that it simply calls a link that was posted to FD last week. The JPG is simply HTML, which loads http://www.xf*s.com/msn/1.jpg into the main page, with http://www.xf*s.com/msn/news.htm in an iframe. (Note: Change * to 2, to protect the unpatched IE users). I'm not sure why that would be processed... However, news.htm was plugged by Nicolas Montoza <xonico () gmail com> last week: http://lists.netsys.com/pipermail/full-disclosure/2004-September/026475.html AnthraX101 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- JPG worm! bipin gautam (Sep 20)
- Re: JPG worm! Aaron Horst (Sep 20)
- Re: JPG worm! Nicolas Montoza (Sep 22)
- <Possible follow-ups>
- Re: SV: JPG worm! bipin gautam (Sep 20)
- Re: JPG worm! Aaron Horst (Sep 20)