mailing list archives
Re: New worm?
From: "http-equiv () excite com" <1 () malware com>
Date: Mon, 29 Mar 2004 01:37:16 -0000
GET / HTTP/1.1
HTTP/1.1 200 OK
Server: My Bitchin' IE Infector
Date: Sat Mar 27 13:22:27 2004
This is brilliant. Simplicity at it's best. While the original
is not particularly robust the above container should remedy
that. In typical fashion Internet Explorer and it's 'masters'
can simply be fooled into thinking they are in the 'local zone'
via a non-existent file on the drive. Quite trivial to achieve
and at the same time absolutely brilliant. This is all quite
reminiscent of the Ibiza Trojan from beginning February 2004
which would make this unpatched problem well over one month now.
Fully functional working demo, harmless .exe which over-writes
notepad.exe, the 'guts' of this particular demo which will be
flagged by any competent anti-virus suite should not be
considered the solution. The manufacturer of this particular
product that allows for all of this should be the one to address
it - once and for all - at the core level:
Full-Disclosure - We believe in it.
- Re: New worm? http-equiv () excite com (Mar 29)