Ergh - the http://207.46.110.24/gateway/gateway.dll? address is only a MSN MSGR site - sorry.
Dan -----Forwarded Message----- From: Paul Schmehl <[EMAIL PROTECTED]> To: Gadi Evron <[EMAIL PROTECTED]>, [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] another Trojan with the ADO hole? + a twist in the story Date: 31 Jan 2004 14:24:21 -0600 --On Saturday, January 31, 2004 7:35 PM +0200 Gadi Evron <[EMAIL PROTECTED]> wrote: > The past Trojan horses which spread this way took advantage of the fact > web servers send an HTML 404 message if a file doesn't exist. > > The original sample - britney.jpg - was simply an html file itself, and > using that fact, and IE loading it. It was combined with one of the > latest exploits of the time (I don't think MS patched it yet), and > downloaded the Trojan horses. > > This time around there is actually a picture on the web page, of a real > honest to God girl. But in another frame.. the same story all over again. > > For blocking purposes, the (un-safe) URL is: http://ut.uk.to/cs.jpg . Didn't work on my Titanium using Safari. The girl was....uh....well-endowed. :-) Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
