<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: another Trojan with the ADO hole? + a twist in the story

another Trojan with the ADO hole? + a twist in the story

From: Gadi Evron <ge_at_egotistical.reprehensible.net>
Date: Sat, 31 Jan 2004 19:35:06 +0200

The past Trojan horses which spread this way took advantage of the fact
web servers send an HTML 404 message if a file doesn't exist.

The original sample - britney.jpg - was simply an html file itself, and
using that fact, and IE loading it. It was combined with one of the
latest exploits of the time (I don't think MS patched it yet), and
downloaded the Trojan horses.

This time around there is actually a picture on the web page, of a real
honest to God girl. But in another frame.. the same story all over again.

For blocking purposes, the (un-safe) URL is: http://ut.uk.to/cs.jpg .

Gadi Evron.
Received on Feb 03 2004

This message: [ Message body ]
Next message: Patrick Proniewski: "Re: RFC: virus handling"
Previous message: advisory_at_security-corporation.com: "[SCSA-027] PHP-Nuke 6.9 SQL Injection Vulnerability"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos