jelmer
Wed, 27 Aug 2003 10:51:39 +0000
I am not big on viri so I looked it up : --- Mindjail is a new variant of Backdoor.SdBot code that once activated installs a backdoor into infected systems. IRC channels are scanned by bots seeking users, who are then spammed with the following messages:
1. "EEEEEEETHHHOOOM! MINDJAIL!! HE IS TRAPPED!! GET HIM OUT!" 2. "Ever heard of a thing called mindjail? Check it" Both messages are followed by a link to a file called mindjail.zip. The zip file contains a HTML file, "mindjail.html" which executes JavaScript code on vulnerable systems --- I know this thought also crossed my mind, I also recieved some mail born virusses wich used a similar scheme but one may argue that had the zip file contained a .vbs or .exe file, people would have openened it aswell. ----- Original Message ----- From: "Nick FitzGerald" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, August 27, 2003 4:20 AM Subject: Re: [Full-Disclosure] ADODB.Stream object > jelmer <[EMAIL PROTECTED]> wrote: > > <<snip interesting stuff>> > > I dont think it in it self can not be concidered a security vulnerabilty as > > it only works when the file containing the code is present on a users > > harddisk, though html files are generally considered trusted and you can > > probably trick some people into opening an html file by sending it to them > > through msn messenger or whatever. > > It can most likely be used to leverage other vulnerabilities, for instance > > many programs download information to predictable locations from where you > > might invoke it. > > I do not see this as much of an issue/problem for widespread > exploitation of this. Recall the (modest) "success" of the MindJail > virus, and the ongoing success of Mijail (which is by far the most > prevalent mass-mailing virus this month if you ignore the Sobig.F > freak). Both of these viruses exploited a "My Computer" zone-only IE > vulnerability, depending on the typical handling of files from inside > archives being placed into %TEMP% despite their source archives clearly > being handled in the TIF. Of course, MS (and thus IE) cannot manage > third-party programs handling of files passed out of of IE's security > zones... > > > -- > Nick FitzGerald > Computer Virus Consulting Ltd. > Ph/FAX: +64 3 3529854 > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html