Full Disclosure mailing list archives

Re: another Trojan with the ADO hole? + a twist in the story


From: Paul Schmehl <pauls () utdallas edu>
Date: Sat, 31 Jan 2004 14:24:21 -0600

--On Saturday, January 31, 2004 7:35 PM +0200 Gadi Evron <ge () egotistical reprehensible net> wrote:

> The past Trojan horses which spread this way took advantage of the fact
> web servers send an HTML 404 message if a file doesn't exist.
>
> The original sample - britney.jpg - was simply an HTML file itself, and
> using that fact, and IE loading it. It was combined with one of the
> latest exploits of the time (I don't think MS patched it yet), and
> downloaded the Trojan horses.
>
> This time around there is actually a picture on the web page, of a real
> honest to God girl. But in another frame.. the same story all over again.
>
> For blocking purposes, the (un-safe) URL is: http://ut.uk.to/cs.jpg .

Didn't work on my Titanium using Safari. The girl was....uh....well-endowed. :-)

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
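
The case described in the quoted message, a URL named like an image whose body is actually HTML, can be flagged at a proxy or during log review by comparing the extension with the body's leading bytes. The following is an added example, not part of the original thread; the host example.test, the sample bodies and the function names are constructed for illustration.

```python
import posixpath
import re
from typing import Optional
from urllib.parse import urlsplit

# Leading bytes of common image formats, and the extensions that promise them.
IMAGE_MAGIC = {
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
}
EXT_TO_FORMAT = {".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif", ".png": "png"}
# Markup near the start of a body that a content-sniffing client may render as HTML.
HTML_HINT = re.compile(rb"<\s*(!doctype|html|head|body|title|script|i?frame|object)\b", re.I)

def sniff(body: bytes) -> str:
    """Classify a body by content: an image format name, 'html' or 'unknown'."""
    for fmt, magics in IMAGE_MAGIC.items():
        if body.startswith(magics):
            return fmt
    return "html" if HTML_HINT.search(body[:512]) else "unknown"

def check_response(url: str, content_type: str, body: bytes) -> Optional[str]:
    """Return a finding when an image-named URL does not deliver that image."""
    ext = posixpath.splitext(urlsplit(url).path.lower())[1]
    expected = EXT_TO_FORMAT.get(ext)
    if expected is None:
        return None  # not an image-named URL; out of scope here
    actual = sniff(body)
    declared = content_type.split(";")[0].strip().lower() or "none"
    if actual == "html":
        return f"html-as-image: {ext} URL returned HTML (declared {declared})"
    if actual != expected:
        return f"format-mismatch: {ext} URL returned {actual} (declared {declared})"
    return None

# Constructed samples (hypothetical host example.test), not captured traffic.
SAMPLES = [
    ("http://example.test/pics/a.jpg", "image/jpeg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),
    ("http://example.test/pics/b.jpg", "image/jpeg", b"<html><body><iframe src='x.html'></iframe>"),
    ("http://example.test/gone.jpg", "text/html; charset=iso-8859-1",
     b"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"><title>404 Not Found</title>"),
    ("http://example.test/index.html", "text/html", b"<html></html>"),
]

if __name__ == "__main__":
    for url, ctype, body in SAMPLES:
        print(url, "->", check_response(url, ctype, body) or "ok")
```

The check trusts neither the extension nor the declared Content-Type, so it also flags an HTML error page returned for a missing image, which a reviewer can then triage by status code.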

