Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: SV: JPEG GDI+ (MS04-028) Exploit @ http://home.zccn.net/mm2004
From: "Willem Koenings" <isec () europe com>
Date: Sat, 09 Oct 2004 08:48:42 -0500


Hex verified its hxxp://home.zccn.net/mm2004/mu/nc.jpg with payload @ 
hxxp://home.zccn.net/mm2004/mu/msmsgs.exe infected by netsnake.h 
trojan (http://www.google.com.sg/search?hl=en&q=netsnake.h) 

Indeed. The malware, refered to in the jpg-exploit, was hosted as 
"msmsgs.exe" (Netsnake-H) and has now been removed, so infection from that 
specific URL, is no longer a threat. 

i wouldn't say so:

\wget -vv home.zccn.net/mm2004/mu/msmsgs.exe
--16:45:13--  http://home.zccn.net/mm2004/mu/msmsgs.exe
           => `msmsgs.exe'
Resolving home.zccn.net...
Connecting to home.zccn.net[]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 58,280 [application/octet-stream]

100%[====================================>] 58,280         6.85K/s    ETA 00:00

16:45:24 (6.85 KB/s) - `msmsgs.exe' saved [58280/58280]

msmsgs.exe infected: Backdoor.Netsnake.h

all the best,

Sign-up for Ads Free at Mail.com

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]