Funny thing is is that warm-pussy.jpg is just a directory name. Does anyone here know what file your browser would attempt to access if you type a url of a non existant file? Yes thats right...
http://gibsonhaxor.tv/warm-pussy.jpg/index.html Jason ----- Original Message ----- From: "Gadi Evron" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, November 13, 2003 2:08 AM Subject: Re: [Full-Disclosure] new worm - "warm-pussy.jpg". > segfault wrote: > > > You idiot. Just because a file is called warm-pussy.jpg, doesn't mean that > > the webserver it resides on isn't going to parse it's actual content (which > > is probably plaintext). Look again, I'm sure you'll be surprised. > > > > HTML _is_ plain-text. > Just because the server sends it as plain text doesn't mean the browser > won't execute it. > > It does. > > This *is* a Trojan horse. > > Do you have anything real to contribute or are you just going to call a > guy that raised the alarm of a _possible_ new dangerous Trojan hourse names? > -- > Gadi Evron (i.e. ge), > [EMAIL PROTECTED] > > The Trojan Horses Research mailing list - http://ecompute.org/th-list > > My resume (Hebrew) - http://vapid.reprehensible.net/~ge/resume.rtf > > PGP key for [EMAIL PROTECTED] - > http://vapid.reprehensible.net/~ge/Gadi_Evron.asc > Note: this key is used mainly for files and attachments, I sign email > messages using: > http://vapid.reprehensible.net/~ge/Gadi_Evron_sign.asc > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
![Re: [Full-Disclosure] new worm - "warm-pussy.jpg".](/search?l=full-disclosure@lists.netsys.com&q=subject:%22Re%5C%3A+%5C%5BFull%5C-Disclosure%5C%5D+new+worm+%5C-+%5C%22warm%5C-pussy.jpg%5C%22.%22&o=newest){kind=link}
