Full Disclosure mailing list archives
Re: test this
From: Peter Bruderer <brudy () bruderer-research com>
Date: Wed, 28 Dec 2005 18:17:59 +0100
Hi there Using a previous unknown hole in windows, an exploit was discovered which infects a PC with spyware and trojans. The PC is infected using a manipulated picture in the WMF format. Only Symantec found a trojan downloader. Another AV scanners found the downloaded code, but did not recognize the actual downloader. (http://www.heise.de/security/news/meldung/67794 for the german speeking) More info: http://www.f-secure.com/weblog/archives/archive-122005.html#00000752 http://isc.sans.org/diary.php?storyid=972 My scanners (McAfee, Kaspersky, Clam) did not find anything. On Wed, 2005-12-28 at 08:39 -0800, D B wrote:
could the uber geeks who do spyware check the attachment for me ?? do not click this URL if in windows ... possible malware it is obtained from http://www.cabbage-soup-diet.com/negative-calorie.html GF has countless popups after visiting this site and scanning with several different scanners isnt finding the source
-- Peter Bruderer Bruderer Research GmbH phone +41 52 620 26 53 www.brg.ch peter.bruderer () brg ch _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- test this D B (Dec 28)
- Re: test this Niek (Dec 28)
- Re: test this José Manuel Vilariño Figueira (Dec 28)
- RE: test this Jason Bethune (Dec 28)
- Re: test this Peter Bruderer (Dec 28)
- Re: test this Matt Ostiguy (Dec 28)
- Re: test this Valdis Shkesters (Dec 28)
- <Possible follow-ups>
- Re: test this Thierry Zoller (Dec 28)
- Re[2]: test this Thierry Zoller (Dec 28)
- RE: test this Todd Towles (Dec 28)
- RE: Re[2]: test this Todd Towles (Dec 29)
- Re: test this ad () heapoverflow com (Dec 29)
- Re: Re[2]: test this Valdis Shkesters (Dec 29)
- RE: Re[2]: test this Peter Ferrie (Dec 29)
- RE: Re[2]: test this Benjamin Franz (Dec 29)
(Thread continues...)