Re: SV: [Full-Disclosure] JPEG GDI+ (MS04-028) Exploit @ http://home.zccn.net/mm2004

From: Willem Koenings (isec_at_europe.com)
Date: 10/09/04

    To: full-disclosure@lists.netsys.com
    Date: Sat, 09 Oct 2004 08:48:42 -0500
    
    

    hi,

    > >Hex verified its hxxp://home.zccn.net/mm2004/mu/nc.jpg with payload @
    > >hxxp://home.zccn.net/mm2004/mu/msmsgs.exe infected by netsnake.h
    > >trojan (http://www.google.com.sg/search?hl=en&q=netsnake.h)
    >
    > Indeed. The malware, referred to in the jpg-exploit, was hosted as
    > "msmsgs.exe" (Netsnake-H) and has now been removed, so infection from that
    > specific URL, is no longer a threat.

    i wouldn't say so:

    \wget -vv home.zccn.net/mm2004/mu/msmsgs.exe
    --16:45:13-- http://home.zccn.net/mm2004/mu/msmsgs.exe
               => `msmsgs.exe'
    Resolving home.zccn.net... 218.89.171.197
    Connecting to home.zccn.net[218.89.171.197]:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 58,280 [application/octet-stream]

    100%[====================================>] 58,280 6.85K/s ETA 00:00

    16:45:24 (6.85 KB/s) - `msmsgs.exe' saved [58280/58280]

    msmsgs.exe infected: Backdoor.Netsnake.h

    all the best,

    W.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    
