[Full-Disclosure] JPEG GDI+ (MS04-028) Exploit at http://www.splitinfinity.info
- To: full-disclosure@xxxxxxxxxxxxxxxx, list@xxxxxxxxxxxxxxxxx
- Subject: [Full-Disclosure] JPEG GDI+ (MS04-028) Exploit at http://www.splitinfinity.info
- From: bowwow@xxxxxxxxxxx
- Date: Mon, 11 Oct 2004 17:02:15 +0800
Gosh.....our Snort is oinking at another one @
hxxp://www.splitinfinity.info/fa/blok.jpg with payload @
hxxp://www.splitinfinity.info/fa/blok.jpg/fa/aga.exe .
Here are the scan results from http://www.virustotal.com :
=============
This is the report of the scanning done over the "aga.exe" file that
VirusTotal processed on 10/11/2004 at 10:42:52.

Antivirus     Version          Update       Result
BitDefender   7.0              10.09.2004   -
ClamWin       devel-20040922   10.10.2004   -
eTrust-Iris   7.1.194.0        10.10.2004   -
F-Prot        3.15b            10.09.2004   -
Kaspersky     4.0.2.24         10.11.2004   TrojanDownloader.Win32.Small.oh
McAfee        4397             10.06.2004   -
NOD32v2       1.890            10.10.2004   unpack error
Norman        5.70.10          10.07.2004   W32/Downloader
Panda         7.02.00          10.10.2004   -
Sybari        7.5.1314         10.11.2004   TrojanDownloader.Win32.Small.oh
Symantec      8.0              10.10.2004   -
TrendMicro    7.000            10.10.2004   -
=============
Hmmm.....not much info on this TrojanDownloader.Win32.Small.oh. Any
takers wanna dissect it? :)
Btw, thanks to Peter Kruse & Willem Koenings of the [Full-Disclosure]
list for giving more details on Backdoor.Netsnake.h.
Cheers,
bowwow
On Sat, 09 Oct 2004 09:10:22 +0800 , bowwow wrote:
>Got this from the company network, Snort oinking "WEB-CLIENT JPEG parser
>heap overflow attempt"
>(http://www.snort.org/snort-db/sid.html?sid=1-2705).
>
>Hex verified it's hxxp://home.zccn.net/mm2004/mu/nc.jpg with payload @
>hxxp://home.zccn.net/mm2004/mu/msmsgs.exe, infected by the netsnake.h
>trojan (http://www.google.com.sg/search?hl=en&q=netsnake.h)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
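The post's "hex verified" step (pulling the flagged .jpg and confirming by eye that it carries the MS04-028 trigger) is the part worth automating. The MS04-028 GDI+ bug is in the handling of the JPEG COM (0xFFFE) comment segment: the parser read the 16-bit segment length, subtracted the 2 bytes the length field itself occupies, and used the result as a copy size, so a length field of 0 or 1 underflows to an enormous value and the copy overruns the heap buffer. The scanner below is an added example written for this page (not bowwow's, not Snort's rule, not VirusTotal's code); it walks the marker segments of a JPEG and flags a COM segment whose length field is below 2, and reports the copy size the vulnerable arithmetic would have produced. The two malicious and one benign sample images are constructed inline for illustration and are not the files named in the thread.

```python
"""Triage scanner for the MS04-028 (GDI+ JPEG COM-segment) heap overflow trigger.

Added example for this page; the sample images below are constructed here
and are not blok.jpg / nc.jpg from the post.
"""
from __future__ import annotations

import struct

SOI = b"\xff\xd8"
MARKER_COM = 0xFE          # comment segment: the one GDI+ mis-sized
MARKER_SOS = 0xDA          # start of scan: entropy-coded data follows
MARKER_EOI = 0xD9
# markers that carry no length field: SOI, EOI, TEM, RST0..RST7
STANDALONE = {0xD8, 0xD9, 0x01} | set(range(0xD0, 0xD8))


def gdiplus_copy_length(length_field: int) -> int:
    """Copy size the vulnerable GDI+ code derived: (length - 2) as unsigned 32-bit.

    A length field of 0 or 1 wraps to ~4 GB, which is what overruns the heap.
    """
    return (length_field - 2) & 0xFFFFFFFF


def scan_jpeg(data: bytes) -> list[dict]:
    """Walk JPEG marker segments; mark a COM segment with length < 2 as suspicious.

    Scanning stops at the first suspicious COM segment (what follows it in a
    real exploit is shellcode, not marker segments) and at SOS or EOI.
    """
    if not data.startswith(SOI):
        raise ValueError("not a JPEG (missing SOI marker)")
    findings: list[dict] = []
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker byte at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:          # 0xFF fill bytes may precede a marker
            pos += 1
            continue
        if marker in STANDALONE:
            findings.append({"offset": pos, "marker": marker, "length": None, "suspicious": False})
            pos += 2
            if marker == MARKER_EOI:
                break
            continue
        if pos + 4 > len(data):
            raise ValueError(f"truncated segment header at offset {pos}")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        suspicious = marker == MARKER_COM and length < 2
        finding = {"offset": pos, "marker": marker, "length": length, "suspicious": suspicious}
        if suspicious:
            finding["vulnerable_copy_length"] = gdiplus_copy_length(length)
        findings.append(finding)
        if suspicious or marker == MARKER_SOS:
            break
        pos += 2 + length            # length counts its own two bytes
    return findings


def is_ms04028_candidate(data: bytes) -> bool:
    """True if any COM segment carries the underflowing length field."""
    return any(f["suspicious"] for f in scan_jpeg(data))


def _segment(marker: int, payload: bytes) -> bytes:
    """Build a well-formed marker segment (length field includes itself)."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed samples (illustration only, not the files from the post).
BENIGN = (SOI
          + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + _segment(MARKER_COM, b"hello")
          + b"\xff" + bytes([MARKER_EOI]))
MALICIOUS_LEN0 = SOI + b"\xff\xfe\x00\x00" + b"\x90" * 16   # COM length field 0
MALICIOUS_LEN1 = SOI + b"\xff\xfe\x00\x01" + b"\x90" * 16   # COM length field 1

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("len0", MALICIOUS_LEN0), ("len1", MALICIOUS_LEN1)):
        print(name, is_ms04028_candidate(blob), scan_jpeg(blob)[-1])
```

Run it over the image the IDS alert points at before chasing the payload URL: a hit here means the file really carries the trigger rather than a benign comment the rule happened to match. The check is deliberately narrow (only COM segments, only length fields 0 and 1), which mirrors the vulnerable code path; a short length on some other segment is merely a malformed JPEG, not MS04-028.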