hi, > >Hex verified its hxxp://home.zccn.net/mm2004/mu/nc.jpg with payload @ > >hxxp://home.zccn.net/mm2004/mu/msmsgs.exe infected by netsnake.h > >trojan (http://www.google.com.sg/search?hl=en&q=netsnake.h) > > Indeed. The malware, refered to in the jpg-exploit, was hosted as > "msmsgs.exe" (Netsnake-H) and has now been removed, so infection from that > specific URL, is no longer a threat.
i wouldn't say so: \wget -vv home.zccn.net/mm2004/mu/msmsgs.exe --16:45:13-- http://home.zccn.net/mm2004/mu/msmsgs.exe => `msmsgs.exe' Resolving home.zccn.net... 218.89.171.197 Connecting to home.zccn.net[218.89.171.197]:80... connected. HTTP request sent, awaiting response... 200 OK Length: 58,280 [application/octet-stream] 100%[====================================>] 58,280 6.85K/s ETA 00:00 16:45:24 (6.85 KB/s) - `msmsgs.exe' saved [58280/58280] msmsgs.exe infected: Backdoor.Netsnake.h all the best, W. -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
