Bugtraq mailing list archives
Re: GDI Virus in the wild.
From: GuidoZ <uberguidoz () gmail com>
Date: Tue, 28 Sep 2004 12:18:04 -0700
The FTP site that was hosting the files was taken down. If anyone would like to take a peek at the files used (for educational purposes only of course), let me know off list. I grabbed a copy.

I'd also have to agree with Gerry. This doesn't replicate or spread once executed - it just exploits the local machine, installing a trojan/irc-bot, then connecting back. Still the first of its kind that I'd seen.

--
Peace. ~G

On Mon, 27 Sep 2004 15:45:10 -0400, Gerry Eisenhaur <geisenhaur () cisco com> wrote:
> It's not a virus, just a connect back (82.1.163.241:55000) cmd shell exploit.
>
> /gerry
>
> Ben wrote:
> > Allo,
> >
> > There is now a GDI+ jpeg exploiting virus in the wild. It was posted on Mon, 27 Sep 2004 01:25:52 GMT via NNTP to multiple news groups by a single person.
> >
> > See the following for details: http://www.easynews.com/virus.txt
> >
> > You can see the virus here: http://easynews.com/test/possiblevirus.jpg.gz
> >
> > - IsolationX
>
> --
> Gerald Eisenhaur
> Cisco Systems, Inc.
> 1414 Massachusetts Ave.
> Boxborough, Massachusetts 01719
> voice: 978.936.0465
> geisenhaur () cisco com