Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: one new trojan
From: Jelmer <jkuperus () planet nl>
Date: Sat, 24 Jul 2004 21:02:23 +0200

It abuses the "MSIE JVM bytecode verifier" bug found by LSD in 2002

http://lsd-pl.net/vulnerabilities.html

Patched by

http://www.microsoft.com/technet/security/bulletin/MS03-011.mspx

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Willem Koenings
Sent: zaterdag 24 juli 2004 19:14
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] one new trojan


hi,

today i encountered one new trojan : web.exe / services.exe,
arrives in arc.zip and is executed via java. kaspersky
doesn't identify this one yet. web exe is placed to the root
dir, then copied as services.exe to the SystemRoot\inetg

if anyone is curious to play with it :

http://conyc.com/galleryg/arc.zip

starter script is here:

http://conyc.com/galleryg/starter.html

willem.


-- 
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault