He still does not get it. Despite his bizarre ability to bloat his prose
with nothing, probably so from coming from the bloated code school of
his principal, and he still says nothing. What he isn't is a professional.
A professional anything. Rather a
On Tue, 22 Jun 2004 09:04:37 +1200, Stuart Fox (DSL AK)
[EMAIL PROTECTED] wrote:
How about changing the .exe convention? Making a file
executable by its extension probably causes a lot of
opportunities for problems, doesn't it?
Also, the magic file names, like CON and AUX
hi everyone,
i have been taking on my first large and blind wireless pentest and i have
nearly become lost in the jaws of a wireless network and would appreciate
any help. first i'll state what i have so far done and seen
the network was encrypted but with wep and large traffic
Could that be the reason that I see a whole explosion in Spy and Malware
infections right now ?
http://www.techweb.com/wire/story/TWB20040623S0007
Helmut Hauser
___
Full-Disclosure - We believe in it.
Charter:
Yesterday a large client of ours was taken down by what
appears to be a Korgo variant, but I have been unable to locate any information
on this worm. From what we have discovered, the main process is VDisp.exe.
It is spreading through unpatched systems vulnerable to the LSASS exploit, and
Until your crappy office filter is smart
enough to know that that is a potential anonymizer and blocks it as well...like
ours does.
Cheers
Bart Lansing
Manager, Desktop Services
Kohl's IT
[EMAIL PROTECTED] wrote on 06/23/2004
12:04:01 PM:
This really isn't that new.
For years you have
http://www.f-secure.com/weblog/
-Original Message-
From: Michael Young [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 24, 2004 7:57 AM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] New Worm Discovery - Potential Korgo Variant
Yesterday a large client of ours was
On Thu 24/06/2004 at 14:57, Michael Young wrote:
Yesterday a large client of ours was taken down by what appears to be
a Korgo variant, but I have been unable to locate any information on
this worm. From what we have discovered, the main process is
VDisp.exe. It is spreading through
The worm clearly exploits the LSASS overflow and is not spreading through
the FTP daemon left by Sasser.
-Original Message-
From: Cedric Blancher [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 24, 2004 10:04 AM
To: Michael Young
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] New
On Thu 24/06/2004 at 16:14, Michael Young wrote:
The worm clearly exploits the LSASS overflow and is not spreading through
the FTP daemon left by Sasser.
Oops... My mistake... I messed with Korgo and Dabber...
--
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200406-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
http://www.kb.cert.org/vuls/id/654390
Apparently one of the new DHCP vulnerabilities stems
from the following code found in a header file.
#define vsnprintf(buf, size, fmt, list) vsprintf (buf, fmt, list)
Why would any coder replace a more secure function
with a less secure function?
Kaspersky detect it as Backdoor.Agobot.gen. So another one of the many
other Agobot variants.
Michael Young wrote:
Yesterday a large client of ours was taken down by what appears to be
a Korgo variant, but I have been unable to locate any information on
this worm. From what we have
is your safe mode on? .. whats ur platform.
give more details!
On Wednesday 23 June 2004 07:05 am, VeNoMouS wrote:
Found an issue last night while testing php_exec_dir patch
if you do the following
$blah=`ps aux`;
echo nl2br($blah);
php_exec_dir will block the call if you have set the
Hello,
we also came across a system with a variant of Korgo/Padobot that was NOT
infected with sasser before!
Infection possibly took place via HTTP, a file containing the virus was
found in the temporary internet files.
Looks like this new padobot is also able to spread via Internet Explorer
Could you guys stop sending me Beagle.X? I already
have enough copies of that. Could I make requests of
which viriises I would like to receive?
hahahahahahahahahahahahahahhohohohohohohohoh
Crapfully yours,
Stiny
McAfee says W32/Gaobot.worm.gen.j
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Young
Sent: Thursday, June 24, 2004 5:39 PM
To: 'Peter Kosinar'; [EMAIL PROTECTED]
Subject: MCAFEE E-MAIL SCAN ALERT!~RE: [FULL-DISCLOSURE] NEW
In my opinion
this is an unknown Agobot variant [as told from NAI]
TrendMicro calls it:
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=DOS_AGOBOT%2EGEN
(it changes the host file)
It is packed with one of the latest PECompact.
Put itself in the usual suspect run keys + services as
On Thu, 24 Jun 2004 08:27:11 PDT, VX Dude [EMAIL PROTECTED] said:
http://www.kb.cert.org/vuls/id/654390
Apparently one of the new DHCP vulnerabilities stems
from the following code found in a header file.
#define vsnprintf(buf, size, fmt, list) vsprintf (buf, fmt, list)
Why would any
--- [EMAIL PROTECTED] wrote:
snip
It's easier to just #define the critter than to re-re-invent the C code
for vsnprintf() (which isn't always trivial, as your vsnprintf() has to play
nice with the vendor's stdio - this can be .. umm... interesting if the
innards of the vendor stdio are more
On Thu, 24 Jun 2004 11:22:18 PDT, VX Dude said:
Good point, personally I wouldn't think that making a
small wrapper would take that long, but then again I
haven't done it, and I haven't done it under stress and
a time crunch. I code for fun and not profit which is
pretty stress free.
Writing
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200406-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
On Thu, 24 Jun 2004 [EMAIL PROTECTED] wrote:
It's easier to just #define the critter than to re-re-invent the C code
for vsnprintf() (which isn't always trivial, as your vsnprintf() has to play
nice with the vendor's stdio - this can be .. umm... interesting if the
innards of the vendor stdio
On Thu, June 24, 2004 11:22 am, VX Dude said:
Good point, personally I wouldn't think that making a
small wrapper would take that long, but then again I
haven't done it, and I haven't done it under stress and
a time crunch. I code for fun and not profit which is
pretty stress free.
Isn't the
From http://www.eweek.com/article2/0,,1617045,00.asp:
Analysts at NetSec Inc., a managed security services provider, began seeing
indications of the compromises early Thursday morning and have since seen a
large number of identical attacks on their customers' networks. The attack uses a novel
Hi!
On Thu, Jun 24, 2004 at 03:38:27PM -0400, [EMAIL PROTECTED] wrote:
1) The wrapper/define/handwaving discards it and prays.
2) The replacement function does a proper job of doing a full enough
emulation of vsnprintf to keep track of length so far and stop
when it gets full (not as easy
Hi all,
This is a heads up.
A new malware has been reported from several sources so it appears to be
fairly widespread already.
The malware spreads from infected IIS servers to clients that visit the
webpage of the infected server. How the IIS servers were compromised in the
first place is
Is this related to the diary entry on:
http://www.incidents.org
-Original Message-
From: Larry Seltzer [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 24, 2004 6:02 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] IE exploit runs code from graphics?
From
Peter Kruse [EMAIL PROTECTED] wrote:
This is a heads up.
Or...
PANIC, PANIC, PANIC...
A new malware has been reported from several sources so it appears to be
fairly widespread already.
The malware spreads from infected IIS servers to clients that visit the
webpage of the infected
On Thu, 24 Jun 2004 19:02:01, [EMAIL PROTECTED] wrote:
From http://www.eweek.com/article2/0,,1617045,00.asp:
Analysts at NetSec Inc., a managed security services provider, began
seeing indications of the compromises early Thursday morning and have
since seen a large number of identical
Larry Seltzer [EMAIL PROTECTED] wrote:
From http://www.eweek.com/article2/0,,1617045,00.asp:
Analysts at NetSec Inc., a managed security services provider,
began seeing indications of the compromises early Thursday morning
and have since seen a large number of identical attacks on their
Without having access to any of the information as to what web pages NetSec thinks is
involved, but having seen many recent posts about the so-called RFI - Russian IIS Hacks
I'd suggest that both reports are referring to one and the same, or at least, very
closely related, things.
...
That is
Yesterday a large client of ours
was taken down by what appears to be a Korgo variant, but I have been unable
to locate any information on this worm. From what we have discovered,
the main process is VDisp.exe. It is spreading through unpatched
systems vulnerable
On June 11 it was reported that Dutch mailboxes were flooded with racist
hatemail sent via the Sobig worm.
http://www.theregister.co.uk/2004/06/11/german_hate_mail_virus/
I can report that not only is this activity continuing, but it is
doing so under the names of ... well, me, at least - I
I can also confirm that this is continuing from one of my many email addresses also.
Regards,
Kane Lightowler
Network Security Consultant
Content Security
Level 4, Suite 42c
203 Castlereagh Street
Sydney 2000
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
--- Eric Paynter [EMAIL PROTECTED] wrote:
On Thu, June 24, 2004 11:22 am, VX Dude said:
Good point, personally I wouldn't think that making a
small wrapper would take that long, but then again I
haven't done it, and I haven't done it under stress and
a time crunch. I code for fun and
we have some 100+ servers here, and we would like to make an inventory
of all the servers. each server has a service tag etc... all servers
have one or more services running on it.
the idea is: we would like everything (config, static information,
dynamic info,...) on a central server in