[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SV: [Full-Disclosure] JPEG GDI+ (MS04-028) Exploit @ http://home.zccn.net/mm2004
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: SV: [Full-Disclosure] JPEG GDI+ (MS04-028) Exploit @ http://home.zccn.net/mm2004
- From: "Willem Koenings" <isec@xxxxxxxxxx>
- Date: Sat, 09 Oct 2004 08:48:42 -0500
hi,
> >Hex verified its hxxp://home.zccn.net/mm2004/mu/nc.jpg with payload @
> >hxxp://home.zccn.net/mm2004/mu/msmsgs.exe infected by netsnake.h
> >trojan (http://www.google.com.sg/search?hl=en&q=netsnake.h)
>
> Indeed. The malware, refered to in the jpg-exploit, was hosted as
> "msmsgs.exe" (Netsnake-H) and has now been removed, so infection from that
> specific URL, is no longer a threat.
i wouldn't say so:
\wget -vv home.zccn.net/mm2004/mu/msmsgs.exe
--16:45:13-- http://home.zccn.net/mm2004/mu/msmsgs.exe
=> `msmsgs.exe'
Resolving home.zccn.net... 218.89.171.197
Connecting to home.zccn.net[218.89.171.197]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 58,280 [application/octet-stream]
100%[====================================>] 58,280 6.85K/s ETA 00:00
16:45:24 (6.85 KB/s) - `msmsgs.exe' saved [58280/58280]
msmsgs.exe infected: Backdoor.Netsnake.h
all the best,
W.
--
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html