[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-Disclosure] another Trojan with the ADO hole? + a twist
From:       Paul Schmehl <pauls () utdallas ! edu>
Date:       2004-01-31 20:24:21
Message-ID: 2147483647.1075559061 () [192 ! 168 ! 2 ! 101]
[Download RAW message or body]

--On Saturday, January 31, 2004 7:35 PM +0200 Gadi Evron 
<ge@egotistical.reprehensible.net> wrote:

> The past Trojan horses which spread this way took advantage of the fact
> web servers send an HTML 404 message if a file doesn't exist.
>
> The original sample - britney.jpg - was simply an html file itself, and
> using that fact, and IE loading it. It was combined with one of the
> latest exploits of the time (I don't think MS patched it yet), and
> downloaded the Trojan horses.
>
> This time around there is actually a picture on the web page, of a real
> honest to God girl. But in another frame.. the same story all over again.
>
> For blocking purposes, the (un-safe) URL is: http://ut.uk.to/cs.jpg .

Didn't work on my Titanium using Safari.  The girl 
was....uh....well-endowed.  :-)

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[prev in list] [next in list] [prev in thread] [next in thread]