Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: GDI Virus in the wild.

from [GuidoZ] Network Security [Permanent Link]
Subject: Re: GDI Virus in the wild.
Date: Tue, 28 Sep 2004 12:18:04 -0700 
The FTP site that was hosting the files was taken down. If anyone
would like to take a peek at the files used (for educational purposes
only of course), let me know off list. I grabbed a copy.

I'd also have to agree with Gerry. This doesn't replicate or spread
once executed - it just exploits the local machine, installing a
trojan/irc-bot, then connecting back. Still the first of it's kind
that I'd seen.

--
Peace. ~G


On Mon, 27 Sep 2004 15:45:10 -0400, Gerry Eisenhaur
<geisenhaur@cisco.com> wrote:

It's not a virus, just a connect back (82.1.163.241:55000) cmd shell
exploit.

/gerry

Ben wrote:

Allo,

There is now a GDI+ jpeg exploiting virus in the wild.  It was posted
on  Mon, 27 Sep 2004 01:25:52 GMT via NNTP to multiple news groups by a
single person.

See the following for details:
http://www.easynews.com/virus.txt

You can see the virus here:
http://easynews.com/test/possiblevirus.jpg.gz


- IsolationX




--
Gerald Eisenhaur
Cisco Systems, Inc.
1414 Massachusetts Ave.
Boxborough, Massachusetts 01719
voice:  978.936.0465
geisenhaur@cisco.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: GDI Virus in the wild., Gerry Eisenhaur
Next by Date:  Re[2]: [Full-Disclosure] Automatically passing NTLM authentication credentials on Windows XP, Hidenobu Seki
Previous by Thread:  Re: GDI Virus in the wild., Gerry Eisenhaur
Next by Thread:  Broadcast crash in Chatman 1.5.1 RC1, Luigi Auriemma
Indexes:  [Date] [Thread] [Top] [All Lists]