[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] new worm - "warm-pussy.jpg".

To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] new worm - "warm-pussy.jpg".
From: "I.R. van Dongen" <vdongen@hetisw.nl>
Date: Thu, 13 Nov 2003 09:00:13 +0100

On Wed, Nov 12, 2003 at 02:36:41PM -0500, segfault wrote:
> You idiot.  Just because a file is called warm-pussy.jpg, doesn't mean that
> the webserver it resides on isn't going to parse it's actual content (which
> is probably plaintext).  Look again, I'm sure you'll be surprised.
> 
> Contents of warm-pussy.jpg:
<snip>

I edited the source to make it harmless (putty from official website
instead of virus) and fixed the dependency on existence of c:\windows.

For those who want to see how it works:
http://lamorak.hetisw.nl/concept.jpg

I tested on 3 volunteers and 1 reported a virusscanner (can't remember
which one) reporting VBS/Psyme.

Either test on a fast line, or allow enough time for putty to download.

Greetings,

Ivo van Dongen

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] new worm - "warm-pussy.jpg".
  - From: "Tom Russell" <kalleth@nildram.co.uk>
- Re: [Full-Disclosure] new worm - "warm-pussy.jpg".
  - From: "segfault" <segfault@nycap.rr.com>

Prev by Date: Re: [Full-Disclosure] new worm - "warm-pussy.jpg".
Next by Date: [Full-Disclosure] [RHSA-2003:313-01] Updated PostgreSQL packages fix buffer overflow
Previous by thread: Re: [Full-Disclosure] new worm - "warm-pussy.jpg".
Next by thread: [Full-Disclosure] SRT2003-11-11-1151 - clamav-milter remote exploit / DoS
Index(es):
- Date
- Thread