BugTraq
GDI Virus in the wild. Sep 27 2004 06:34AM
Ben (ben easynews com) (1 replies)
Re: GDI Virus in the wild. Sep 27 2004 07:45PM
Gerry Eisenhaur (GEisenhaur cisco com) (1 replies)
Re: GDI Virus in the wild. Sep 28 2004 07:18PM
GuidoZ (uberguidoz gmail com)
The FTP site that was hosting the files was taken down. If anyone
would like to take a peek at the files used (for educational purposes
only of course), let me know off list. I grabbed a copy.

I'd also have to agree with Gerry. This doesn't replicate or spread
once executed - it just exploits the local machine, installing a
trojan/irc-bot, then connecting back. Still the first of it's kind
that I'd seen.

--
Peace. ~G

On Mon, 27 Sep 2004 15:45:10 -0400, Gerry Eisenhaur
<geisenhaur (at) cisco (dot) com [email concealed]> wrote:
> It's not a virus, just a connect back (82.1.163.241:55000) cmd shell
> exploit.
>
> /gerry
>
> Ben wrote:
> > Allo,
> >
> > There is now a GDI+ jpeg exploiting virus in the wild. It was posted
> > on Mon, 27 Sep 2004 01:25:52 GMT via NNTP to multiple news groups by a
> > single person.
> >
> > See the following for details:
> > http://www.easynews.com/virus.txt
> >
> > You can see the virus here:
> > http://easynews.com/test/possiblevirus.jpg.gz
> >
> >
> > - IsolationX
> >
> >
>
> --
> Gerald Eisenhaur
> Cisco Systems, Inc.
> 1414 Massachusetts Ave.
> Boxborough, Massachusetts 01719
> voice: 978.936.0465
> geisenhaur (at) cisco (dot) com [email concealed]

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus