Based on the recently discovered vulnerability in Windows and IE, it's already been created:
Slashdot Link
Just an FYI Post.
KeyserSoze
Slashdot Link
Just an FYI Post.
KeyserSoze
JPEG Exploit on the loose
- Thread starter KeyserSoze
- Start date
Last week it was just "this is possible" - MS typically warns ahead of time to give people a week or two lead on the virus writers that will inevitably pounce on it.
This is the first sighting in the wild, and is VERY significant.
Viper GTS
You're very welcome. I'm sorry, on a board of mostly Computer Professionals, I thought this might be news. Yes, the vulnerability is a few weeks old....but an actual exploit isn't.
KeyserSoze
- Oct 10, 1999
- 31,298
- 12,818
- 136
I tested out the nasty ah heck on my PC.
Norton attacked it right away and called it Bloodhound.Exploit.13
Anyone else notice that this virus showed up on a Transsexual newsgroup?
Norton attacked it right away and called it Bloodhound.Exploit.13
Anyone else notice that this virus showed up on a Transsexual newsgroup?
- Nov 27, 1999
- 65,397
- 407
- 126
No :camera:'s please.
Sigh. F-ing MS and their craptastic OS. I remember a time when viewing JPG's was safe.
Sigh. F-ing MS and their craptastic OS. I remember a time when viewing JPG's was safe.
Koing
Elite Member <br> Super Moderator<br> Health and F
- Oct 11, 2000
- 16,843
- 2
- 0
Thanks for the heads up. Didn't catch it when it was announced or whatever the other week.
Funny I got an email apprently from 'Citibank' from 'paypal' with a link and a jpg of some sort today. I deleted the ah heck right away though.
Koing
Funny I got an email apprently from 'Citibank' from 'paypal' with a link and a jpg of some sort today. I deleted the ah heck right away though.
Koing
- Oct 10, 1999
- 31,298
- 12,818
- 136
Here is the first message header:
Path: news.easynews.com!core-easynews!newsfeed2.easynews.com!newsfeed1.easynews.com!easynews.com!easynews!
cyclone1.gnilink.net!gnilink.net!wn14feed!worldnet.att.net!204.71.34.3!newsfeed.cwix.com!newsfeed.icl.net!newsfeed.wirehub.nl!news.cambrium.nl!news.cambrium.nl
!news2.euro.net!62.253.162.219.MISMATCH!news-in.ntli.net!newsrout1-win.ntli.net!ntli.net!newspeer1-win.ntli.net!newsfe3-win.ntli.net.POSTED!53ab2750!not-for-mail
From: Power-Poster@power-post.org (Power-Post 2000)
Sender: Power-Poster@power-post.org
Newsgroups: alt.binaries.multimedia.erotica.transsexuals,alt.binaries.pictures.erotica.transexual,alt.binaries.pictures.erotica.transexual.action,alt.binaries.pictures.erotica.transsexual
Subject: (Shemale-loves it up the ass.jpg (1/1)] [1/1] - Shemale loves it up the ass
X-Newsposter: NNTP POWER-POST 2000 (Build 24c) - net-toys.8k.com
Lines: 96
Message-ID: <A_J5d.105$24.101@newsfe3-win.ntli.net>
Date: Mon, 27 Sep 2004 01:25:52 GMT
NNTP-Posting-Host: 82.1.163.241
X-Trace: newsfe3-win.ntli.net 1096248352 82.1.163.241 (Mon, 27 Sep 2004 02:25:52 BST)
NNTP-Posting-Date: Mon, 27 Sep 2004 02:25:52 BST
Organization: NTL
Xref: core-easynews alt.binaries.multimedia.erotica.transsexuals:1756301 alt.binaries.pictures.erotica.transexual:393069 alt.binaries.pictures.erotica.transexual.action:2666691 alt.binaries.pictures.erotica.transsexual:207823
X-Received-Date: Sun, 26 Sep 2004 19:19:51 MST (news.easynews.com)
This is a very old exploit. I used to have this nifty little program that built a script into the image of my choosing. I was stealing the passwords of people I hated for years because they were dumb enough to open an email from me.. :laugh:
I can't seem to find the update to patch this... im on sp2
could it be possible im already patched, how do i check?
could it be possible im already patched, how do i check?
- Oct 10, 1999
- 31,298
- 12,818
- 136
Same concept. When I was doing it, the execution allowed the virus to do things like change the client's host file (what I was doing) and edit other system files. It was fun.
Originally posted by: Nik
Same concept. When I was doing it, the execution allowed the virus to do things like change the client's host file (what I was doing) and edit other system files. It was fun.
Remind me to stay on your GOOD side.
KeyserSoze
Originally posted by: KeyserSoze
Originally posted by: Nik
Same concept. When I was doing it, the execution allowed the virus to do things like change the client's host file (what I was doing) and edit other system files. It was fun.
Remind me to stay on your GOOD side.
KeyserSoze
haha - have the proggy set the host file to redirect the URL when they check their email (webmail) to your home IP and then setup an HTTP server on your end to emulate the login page. When they put their user/pass into the boxes and click login, the page on your end saves the user/pass to a file on your PC and then forwards them to the correct IP. With some languages, you can pass the user/pass variables along with that redirection so that when they get redirected, they go right into their own legitimate inbox.
They won't even know that anything's happened.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 23K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
News NVIDIA and Intel to Develop AI Infrastructure and Personal Computing Products- Started by poke01
- Replies: 411
Facebook
Twitter