Full Disclosure mailing list archives
RE: test this
From: "Todd Towles" <toddtowles () brookshires com>
Date: Wed, 28 Dec 2005 16:39:54 -0600
Trend Micro just released a Controlled Pattern File Release (CPR) Pattern Update - 3.1.34.04
http://www.trendmicro.com/vinfo/

The current auto-update sig = 3.1.33.00

-Todd

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Valdis Shkesters
Sent: Wednesday, December 28, 2005 1:46 PM
To: Peter Bruderer; full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] test this

This is a report processed by VirusTotal on 12/28/2005 at 20:38:41 (CET) after scanning the file "xpladv548.wmf.gz" file.

AntiVir - no virus found
Avast - Win32:Exdown
AVG - no virus found
Avira - no virus found
BitDefender - Exploit.Win32.WMF-PFV
CAT-QuickHeal - no virus found
ClamAV - no virus found
DrWeb - no virus found
eTrust-Iris - no virus found
eTrust-Vet - no virus found
Ewido - no virus found
Fortinet - W32/WMF-exploit
F-Prot - no virus found
Ikarus - no virus found
Kaspersky - Trojan-Downloader.Win32.Agent.acd
McAfee - Exploit-WMF
NOD32v2 - Win32/TrojanDownloader.Wmfex
Norman - no virus found
Panda - Exploit/Metafile
Sophos - no virus found
Symantec - no virus found
TheHacker - no virus found
UNA - no virus found
VBA32 - no virus found

http://www.virustotal.com

----- Original Message -----
From: "Peter Bruderer" <brudy () bruderer-research com>
To: "D B" <geggam692000 () yahoo com>
Cc: <full-disclosure () lists grok org uk>
Sent: Wednesday, December 28, 2005 7:17 PM
Subject: Re: [Full-disclosure] test this

Hi there

Using a previously unknown hole in Windows, an exploit was discovered which infects a PC with spyware and trojans. The PC is infected using a manipulated picture in the WMF format. Only Symantec found a trojan downloader. Other AV scanners found the downloaded code, but did not recognize the actual downloader. (http://www.heise.de/security/news/meldung/67794 for the German speaking)

More info:
http://www.f-secure.com/weblog/archives/archive-122005.html#00000752
http://isc.sans.org/diary.php?storyid=972

My scanners (McAfee, Kaspersky, Clam) did not find anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- test this D B (Dec 28)
- Re: test this Niek (Dec 28)
- Re: test this José Manuel Vilariño Figueira (Dec 28)
- RE: test this Jason Bethune (Dec 28)
- Re: test this Peter Bruderer (Dec 28)
- Re: test this Matt Ostiguy (Dec 28)
- Re: test this Valdis Shkesters (Dec 28)
- <Possible follow-ups>
- Re: test this Thierry Zoller (Dec 28)
- Re[2]: test this Thierry Zoller (Dec 28)
- RE: test this Todd Towles (Dec 28)
- RE: Re[2]: test this Todd Towles (Dec 29)
- Re: test this ad () heapoverflow com (Dec 29)
- Re: Re[2]: test this Valdis Shkesters (Dec 29)
- RE: Re[2]: test this Peter Ferrie (Dec 29)
- RE: Re[2]: test this Benjamin Franz (Dec 29)
- Re: test this Michael Holstein (Dec 29)
- RE: Re[2]: test this Todd Towles (Dec 29)
- RE: test this Todd Towles (Dec 29)
- RE: Re[2]: test this Todd Towles (Dec 29)
- RE: Re[2]: test this Todd Towles (Dec 29)
