RE: [Full-Disclosure] JPEG Virus

From: Peter B. Harvey (Information Security) (peterharvey_at_emergency.qld.gov.au)
Date: 09/28/04

  • Next message: Mandrake Linux Security Team: "[Full-Disclosure] MDKSA-2004:103 - Updated OpenOffice.org packages fix temporary file vulnerabilities" 
    To: "Joel R. Helgeson" <joel@helgeson.com>, <full-disclosure@netsys.com>
Date: Tue, 28 Sep 2004 16:00:37 +1000

    ***********************
    Warning: Your file, virus-jpeg.zip/possibleVirus.jpg, is password-protected. It was not scanned by InterScan.
    ***********-***********

    To all,

    This is a safer way of transmitting such images. Password is "virus"

    Also it is not a virus, it is a trojan. Viruses replicate and this one
    does not (except through stupidity). Though it won't be long before they
    add a simple SMTP engine to it.

    Link for download is available from the txt file referred to below

    My 2 bits

    Peter

    ____________________________________________
    Peter Harvey
    Information Security Officer
    Dept. Emergency Services - QLD
    Phone: +61 7 3109 7213
    ____________________________________________


      _____

    From: Joel R. Helgeson [mailto:joel@helgeson.com]
    Sent: Tuesday, September 28, 2004 3:16 PM
    To: full-disclosure@netsys.com
    Subject: [Full-Disclosure] JPEG Virus

    ***********************
    An E-mail has been sent:
    From: full-disclosure-admin@lists.netsys.com
    At: 9/28/2004 15:29:56
    Subject: Exploit-MS04-028

    This message has been blocked due to Exploit-MS04-028 which may pose a
    risk to DES. Please direct any inquiries to the IT Call Centre on
    itcallcentre@emergency.qld.gov.au.

    ***********-***********


    The attached file IS INFECTED with the new JPEG virus... Or rather, it
    has the malicious image that will then infect your machine.

    Read up on it here:
    http://www.easynews.com/virus.txt

    Enjoy!

    Joel R. Helgeson
    Director of Networking & Security Services
    SymetriQ Corporation

    "Give a man fire, and he'll be warm for a day; set a man on fire, and
    he'll be warm for the rest of his life."

    This correspondence is for the named persons only.
    It may contain confidential or privileged information or both.
    No confidentiality or privilege is waived or lost by any mis transmission.
    If you receive this correspondence in error please delete it from your system immediately and notify the sender.
    You must not disclose, copy or relay on any part of this correspondence, if you are not the intended recipient.
    Any opinions expressed in this message are those of the individual sender except where the sender expressly,
    and with the authority, states them to be the opinions of the Department of Emergency Services, Queensland.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Mandrake Linux Security Team: "[Full-Disclosure] MDKSA-2004:103 - Updated OpenOffice.org packages fix temporary file vulnerabilities"