Bugtraq: Re: GDI Virus in the wild.

[GuidoZ <uberguidoz () gmail com>]

The FTP site that was hosting the files was taken down. If anyone
would like to take a peek at the files used (for educational purposes
only of course), let me know off list. I grabbed a copy.

I'd also have to agree with Gerry. This doesn't replicate or spread
once executed - it just exploits the local machine, installing a
trojan/irc-bot, then connecting back. Still the first of it's kind
that I'd seen.

--
Peace. ~G


On Mon, 27 Sep 2004 15:45:10 -0400, Gerry Eisenhaur
<geisenhaur () cisco com> wrote:
> It's not a virus, just a connect back (82.1.163.241:55000) cmd shell
> exploit.
>
> /gerry
>
> Ben wrote:
> > Allo,
> >
> > There is now a GDI+ jpeg exploiting virus in the wild.  It was posted
> > on  Mon, 27 Sep 2004 01:25:52 GMT via NNTP to multiple news groups by a
> > single person.
> >
> > See the following for details:
> > http://www.easynews.com/virus.txt
> >
> > You can see the virus here:
> > http://easynews.com/test/possiblevirus.jpg.gz
> >
> >
> > - IsolationX
> --
> Gerald Eisenhaur
> Cisco Systems, Inc.
> 1414 Massachusetts Ave.
> Boxborough, Massachusetts 01719
> voice:  978.936.0465
> geisenhaur () cisco com