Full Disclosure mailing list archives

[Fwd: Re: another Trojan with the ADO hole? + a twist in the story]

From: "Daniel H. Renner" <dan () losangelescomputerhelp com>
Date: 31 Jan 2004 14:59:38 -0800

Doesn't work in Mozilla v1.3.1 on Xandros v1.1 either, though the
message was "(111) Connection refused" by
http://mitglied.lycos.de/mycutewebspace, maybe they don't like Mozilla? 
:-)

Our proxy shows the following path when you click the link:
http://freedns.afraid.org/blank.html
http://mitglied.lycos.de/mycutewebspace
http://207.46.110.24/gateway/gateway.dll?


Cheers,
Dan

-----Forwarded Message-----

From: Paul Schmehl <pauls () utdallas edu>
To: Gadi Evron <ge () egotistical reprehensible net>, bugtraq () securityfocus com, full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] another Trojan with the ADO hole? + a twist in the story
Date: 31 Jan 2004 14:24:21 -0600

--On Saturday, January 31, 2004 7:35 PM +0200 Gadi Evron 
<ge () egotistical reprehensible net> wrote:

The past Trojan horses which spread this way took advantage of the fact
web servers send an HTML 404 message if a file doesn't exist.

The original sample - britney.jpg - was simply an html file itself, and
using that fact, and IE loading it. It was combined with one of the
latest exploits of the time (I don't think MS patched it yet), and
downloaded the Trojan horses.

This time around there is actually a picture on the web page, of a real
honest to God girl. But in another frame.. the same story all over again.

For blocking purposes, the (un-safe) URL is: http://ut.uk.to/cs.jpg .


Didn't work on my Titanium using Safari.  The girl 
was....uh....well-endowed.  :-)

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

[Fwd: Re: another Trojan with the ADO hole? + a twist in the story] Daniel H. Renner (Jan 31)
- <Possible follow-ups>
- [Fwd: Re: another Trojan with the ADO hole? + a twist in the story] Daniel H. Renner (Jan 31)