[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] Xmas virus on the cards ?
- To: full-disclosure@lists.netsys.com
- Subject: [Full-Disclosure] Xmas virus on the cards ?
- From: "security squirrel" <secsquirrel@lycos.com>
- Date: Thu, 18 Dec 2003 06:29:46 -0400
Hi all -
I noticed this article at http://www.vnunet.com/News/1151553 and it looks
alarming - however did not find any more details.
If I understand well an HTML file is renamed to JPG and attached to an email.
However I did not manage to reproduce this.
This is my summary of the article:
1. xmas card emails to LEAD to innocent images which are not images but have
viruses
2. Mail Filtering systems should handle images just like HTML files + educate
3. ISS reports that this was on a hacker mailing list
4. techniques to bypass firewalls by MISLABELLING html files as JPGs
5. Steven Darrall is a senior consultant at ISS X-Force Security Assessment
Services
6. The problem is caused by Microsoft's Internet Explorer (IE) web browser
automatically opening files labelled with .jpg or .gif extensions.
7. Hackers have posted a proof-of-concept file in which the content was a
script that caused the browser to download and install a virus according to
Darrall
8. The site serving the virus has since been shut down
Is the image an attachment or is it simply a link to a .jpg file on an HTTP
server? Did anyone manage to reproduce this or can point to the original post
on the "hacker mailing list" which describes this?
- Sec-Squirrel :)
____________________________________________________________
Free Poetry Contest. Win $10,000. Submit your poem @ Poetry.com!
http://ad.doubleclick.net/clk;6750922;3807821;l?http://www.poetry.com/contest/contest.asp?Suite=A59101
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html