
| Subject: | Re: [Full-Disclosure] JPEG GDI |
|---|---|
| Date: | Tue, 28 Sep 2004 18:21:04 -0700 |

If anyone is interested in the files this GDI exploit downloaded from the FTP file (mentioned in the Easynews txt; it's now down), I grabbed a copy. Interesting indeed. I've also archived the Easynews write-ups and the "infected" JPEG itself.

It's not exactly a virus being that it doesn't replicate or spread in any way, just a connect back which downloads some trojan/irc-bot files. (List of files available on the Easynews.txt page.) Email me off list for a link of it all.

--
Peace. ~G

On Tue, 28 Sep 2004 16:19:40 -0500, Todd Towles <toddtowles@brookshires.com> wrote:

This was sent out on FD this morning as a password protected ZIP file. I downloaded a copy via wget, both my proxy AV and my desktop AV were able to detect it as a MS04-028 exploit.

The story was also posted to Slashdot.org last night.

-----Original Message-----
From: full-disclosure-admin@lists.netsys.com [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Barrie Dempster
Sent: Tuesday, September 28, 2004 3:16 PM
To: Barry Fitzgerald
Cc: str0ke@milw0rm.com; full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] JPEG GDI

On Tue, 2004-09-28 at 19:56, Barry Fitzgerald wrote:

Yep - in fact I was reading this morning on http://isc.sans.org/ that one was just found on an adult newsgroup.

-Barry

Indeed Barry, here's more information on that for you or others interested: http://easynews.com/virus.html

I know the file itself has already been posted to the list but this link gives some preliminary analysis of it too, which shows it as a trojan infection vector and not really a virus in the traditional sense.

--
Barrie Dempster (zeedo) - Fortiter et Strenue
http://www.bsrf.org.uk
[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]

_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html