Re: GDI Virus in the wild.

To: ben@xxxxxxxxxxxx
Subject: Re: GDI Virus in the wild.
From: Gerry Eisenhaur <GEisenhaur@xxxxxxxxx>
Date: Mon, 27 Sep 2004 15:45:10 -0400
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <1096266888.7939.7.camel@xxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: Cisco Systems, Inc.
References: <1096266888.7939.7.camel@xxxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla Thunderbird 0.8 (X11/20040913)

It's not a virus, just a connect back (82.1.163.241:55000) cmd shellexploit.


/gerry

Ben wrote:

Allo,

There is now a GDI+ jpeg exploiting virus in the wild.  It was posted
on  Mon, 27 Sep 2004 01:25:52 GMT via NNTP to multiple news groups by a
single person.

See the following for details:
http://www.easynews.com/virus.txt

You can see the virus here:
http://easynews.com/test/possiblevirus.jpg.gz


- IsolationX


--
Gerald Eisenhaur
Cisco Systems, Inc.
1414 Massachusetts Ave.
Boxborough, Massachusetts 01719
voice:  978.936.0465
geisenhaur@xxxxxxxxx

Follow-Ups:
- Re: GDI Virus in the wild.
  - From: GuidoZ

References:
- GDI Virus in the wild.
  - From: Ben

Prev by Date: Re: New whitepaper "The Phishing Guide"
Next by Date: Re: Diebold Global Election Management System (GEMS) Backdoor
Previous by thread: GDI Virus in the wild.
Next by thread: Re: GDI Virus in the wild.
Index(es):
- Date
- Thread