Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos

Bugtraq: Re: what is this?

Re: what is this?

From: crazy frog crazy frog <i.m.crazy.frog_at_gmail.com>
Date: Mon, 14 Jan 2008 21:26:59 +0530

yep ther eis one yahoo messenger exploit too.

On Jan 14, 2008 9:14 PM, Jose Nazario <jose_at_monkey.org> wrote:
> On Sun, 13 Jan 2008, crazy frog crazy frog wrote:
>
> > http://secgeeks.com/what.zip
> > password is 12345
> > can somebody guide/help me what is this and how can i remove it?
>
> te file you sent here contains a bunch of embeded nulls (every other
> character is 00). stripping those out reveals ...
>
> that it's a collection of browser exploits. by the looks of it it's MPack
> and uses the heapspray slide stuff.
>
> the goal is to download hxxp://techicorner.com/bcuoixqf (which looks dead)
> as a local file c:\\mosvs8.exe and then run it.
>
>
> very common exploit scenario these days (but they usually have some form
> of js obfuscation going on).
>
> i hope this helps.
>
> ________
> jose nazario, ph.d. http://monkey.org/~jose/
> 

-- 
advertise on secgeeks?
http://secgeeks.com/Advertising_on_Secgeeks.com
http://newskicks.com
Received on Jan 14 2008
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]