> "mindjail.zip" contains a HTML file, "mindjail.html", which drops and
> executes "javax.sun.base.exe" (MD5: 286b884697dffd5a535295dcf5a4c6ea) on
> vulnerable systems - see "Self-Executing HTML: Internet Explorer 5.5 and
> 6.0 Part II", <http://www.securityfocus.com/archive/1/313174>, for more
> information about the vulnerability.
>
> "javax.sun.base.exe" is an upx'ed SdBot variant. It tries to connect to
> "hk.zxy0.com" [64.156.241.176].
Do you know why the messages appeared to stop at 1930 GMT or so yesterday
(27 June 2003)? I am told that they just mysteriously stopped around this
time on every network they were hitting. (I have been unable to confirm
this personally, but I haven't seen mindjail on either of the IRC networks
I frequent for over 24 hours now.
Sincerely,
Chris Ess
Systems Administrator / CDTT (Certified Duct Tape Technician)
------------------------------------------------------------------------
----
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's to
"underground" security specialists. See for yourself what the buzz is about!
Early-bird registration ends July 3. This event will sell out. www.blackhat.com
------------------------------------------------------------------------
----
> executes "javax.sun.base.exe" (MD5: 286b884697dffd5a535295dcf5a4c6ea) on
> vulnerable systems - see "Self-Executing HTML: Internet Explorer 5.5 and
> 6.0 Part II", <http://www.securityfocus.com/archive/1/313174>, for more
> information about the vulnerability.
>
> "javax.sun.base.exe" is an upx'ed SdBot variant. It tries to connect to
> "hk.zxy0.com" [64.156.241.176].
Do you know why the messages appeared to stop at 1930 GMT or so yesterday
(27 June 2003)? I am told that they just mysteriously stopped around this
time on every network they were hitting. (I have been unable to confirm
this personally, but I haven't seen mindjail on either of the IRC networks
I frequent for over 24 hours now.
Sincerely,
Chris Ess
Systems Administrator / CDTT (Certified Duct Tape Technician)
------------------------------------------------------------------------
----
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's to
"underground" security specialists. See for yourself what the buzz is about!
Early-bird registration ends July 3. This event will sell out. www.blackhat.com
------------------------------------------------------------------------
----
[ reply ]