|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-Disclosure] JPG worm!
From: Aaron Horst (anthrax101
gmail.com)
Date: Mon Sep 20 2004 - 16:59:30 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Interesting. It would appear to not be a JPEG worm, but rather to be
the regular old CHM exploits. The interesting thing about it is that
it simply calls a link that was posted to FD last week.
The JPG is simply HTML, which loads http://www.xf*s.com/msn/1.jpg into
the main page, with http://www.xf*s.com/msn/news.htm in an iframe.
(Note: Change * to 2, to protect the unpatched IE users). I'm not sure
why that would be processed...
However, news.htm was plugged by Nicolas Montoza <xonicogmail.com> last week:
http://lists.netsys.com/pipermail/full-disclosure/2004-September/026475.html
AnthraX101
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]