[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] test this

To: D B <geggam692000@xxxxxxxxx>
Subject: Re: [Full-disclosure] test this
From: Peter Bruderer <brudy@xxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 28 Dec 2005 18:17:59 +0100

Hi there

Using a previous unknown hole in windows, an exploit was discovered
which infects a PC with spyware and trojans. The PC is infected using a
manipulated picture in the WMF format.

Only Symantec found a trojan downloader. Another AV scanners found the
downloaded code, but did not recognize the actual downloader.

(http://www.heise.de/security/news/meldung/67794 for the german
speeking)

More info:
http://www.f-secure.com/weblog/archives/archive-122005.html#00000752
http://isc.sans.org/diary.php?storyid=972

My scanners (McAfee, Kaspersky, Clam) did not find anything. 

On Wed, 2005-12-28 at 08:39 -0800, D B wrote:
> could the uber geeks who do spyware check the
> attachment for me ??
> 
> do not click this URL if in windows ... possible
> malware
> 
> it is obtained from
> http://www.cabbage-soup-diet.com/negative-calorie.html
> 
> 
> GF has countless popups after visiting this site and
> scanning with several different scanners isnt finding
> the source 

-- 
  Peter Bruderer
  Bruderer Research GmbH

  phone +41 52 620 26 53
  www.brg.ch

  peter.bruderer@xxxxxx
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] test this
  - From: Matt Ostiguy
- Re: [Full-disclosure] test this
  - From: Valdis Shkesters

References:
- [Full-disclosure] test this
  - From: D B

Prev by Date: RE: [Full-disclosure] test this
Next by Date: [Full-disclosure] OT: Vote for me! (was: complaints about the governemnt spying!)
Previous by thread: RE: [Full-disclosure] test this
Next by thread: Re: [Full-disclosure] test this
Index(es):
- Date
- Thread