Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: SV: JPEG GDI+ (MS04-028) Exploit @ http://home.zccn.net/mm2004
From: "Willem Koenings" <isec () europe com>
Date: Sat, 09 Oct 2004 08:48:42 -0500


hi,

Hex verified its hxxp://home.zccn.net/mm2004/mu/nc.jpg with payload @ 
hxxp://home.zccn.net/mm2004/mu/msmsgs.exe infected by netsnake.h 
trojan (http://www.google.com.sg/search?hl=en&q=netsnake.h) 

Indeed. The malware, refered to in the jpg-exploit, was hosted as 
"msmsgs.exe" (Netsnake-H) and has now been removed, so infection from that 
specific URL, is no longer a threat. 

i wouldn't say so:

\wget -vv home.zccn.net/mm2004/mu/msmsgs.exe
--16:45:13--  http://home.zccn.net/mm2004/mu/msmsgs.exe
           => `msmsgs.exe'
Resolving home.zccn.net... 218.89.171.197
Connecting to home.zccn.net[218.89.171.197]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 58,280 [application/octet-stream]

100%[====================================>] 58,280         6.85K/s    ETA 00:00

16:45:24 (6.85 KB/s) - `msmsgs.exe' saved [58280/58280]



msmsgs.exe infected: Backdoor.Netsnake.h


all the best,

W.
-- 
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]