Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

another Trojan with the ADO hole? + a twist in the story
From: Gadi Evron <ge () egotistical reprehensible net>
Date: Sat, 31 Jan 2004 19:35:06 +0200
The past Trojan horses which spread this way took advantage of the fact web servers send an HTML 404 message if a file doesn't exist.
The original sample - britney.jpg - was simply an html file itself, and using that fact, and IE loading it. It was combined with one of the latest exploits of the time (I don't think MS patched it yet), and downloaded the Trojan horses.
This time around there is actually a picture on the web page, of a real honest to God girl. But in another frame.. the same story all over again. 

For blocking purposes, the (un-safe) URL is: http://ut.uk.to/cs.jpg .

    Gadi Evron.

  By Date           By Thread  

Current thread:
  • another Trojan with the ADO hole? + a twist in the story Gadi Evron (Feb 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]