Der Code wurde hier laut einem Posting von Craig Holmes auf Bugtraq
auskommentiert:
http://gearbox.gearbolt.net/files/security/cap/britney.jpg
Ich kann das leider nicht nachvollziehen, da mein Virenscanner das
sofort in die Quarantaene schiebt. Download daher auf eigene Gefahr!
Originalposting auf Bugtraq:
From - Tue Oct 28 08:09:38 2003
X-Mozilla-Status: 0011
X-Mozilla-Status2: 00000000
Received: from ################# ([15.140.168.13]) by
################# with SMTP (Microsoft Exchange Internet Mail Service
Version 5.5.2655.55)
id VXRR7QXK; Tue, 28 Oct 2003 00:38:44 +0100
Received: from 15.191.1.35 by ################# (InterScan E-Mail
VirusWall NT); Tue, 28 Oct 2003 00:38:44 +0100
Received: from ################# (mailtrck.hp.com [192.151.81.15])
by ################# (Postfix) with ESMTP id 8AA8137CDA
for <#################>; Tue, 28 Oct 2003 00:33:22 +0100 (CET)
Received: ################# (address [127.0.0.1])
by receive-from-antispam-filer (Postfix) with SMTP id 76CC332E42
for <#################>; Mon, 27 Oct 2003 15:38:43 -0800 (PST)
Received: from outgoing3.securityfocus.com
(outgoing3.securityfocus.com [205.206.231.27])
by ################# (Postfix) with ESMTP id 3BC2F32E3B
for <#################>; Mon, 27 Oct 2003 15:38:43 -0800 (PST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com
[205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 4476EA3116; Mon, 27 Oct 2003 15:35:00 -0700 (MST)
Received: (qmail 22875 invoked from network); 27 Oct 2003 16:24:54
-0000
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
From: Craig Holmes <Leusent@absolut.intellihost.ca>
Reply-To: leusent@link-net.org
To: bugtraq@securityfocus.com
Subject: Re: a dangerous fast spreading (yet simple) trojan horse.
Date: Mon, 27 Oct 2003 18:30:41 -0400
User-Agent: KMail/1.5.3
References: <000f01c39ced$e5abce50$0900000a@whitestar>
<3F9D4B2F.3080903@scention.de>
In-Reply-To: <3F9D4B2F.3080903@scention.de>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200310271730.41236.Leusent@absolut.intellihost.ca>
X-PMX-Version: 4.0.4.76838
I also noticed this on irc. I grabbed a copy of the file before it
was taken
off line if anyone has any interest in seeing it:
http://gearbox.gearbolt.net/files/security/cap/britney.jpg
Note that I have commented out the function call that start the
exploitation
to keep anyone from using my box to spread this virus.
Craig Holmes
--
KMail: 1.5.3
Linux Weltall.gearbolt.net 2.4.20 #4 Sat Sep 27 18:55:34 EDT 2003
i686 AMD
Athlon(TM) XP 1800+ AuthenticAMD GNU/Linux
auskommentiert:
http://gearbox.gearbolt.net/files/security/cap/britney.jpg
Ich kann das leider nicht nachvollziehen, da mein Virenscanner das
sofort in die Quarantaene schiebt. Download daher auf eigene Gefahr!
Originalposting auf Bugtraq:
From - Tue Oct 28 08:09:38 2003
X-Mozilla-Status: 0011
X-Mozilla-Status2: 00000000
Received: from ################# ([15.140.168.13]) by
################# with SMTP (Microsoft Exchange Internet Mail Service
Version 5.5.2655.55)
id VXRR7QXK; Tue, 28 Oct 2003 00:38:44 +0100
Received: from 15.191.1.35 by ################# (InterScan E-Mail
VirusWall NT); Tue, 28 Oct 2003 00:38:44 +0100
Received: from ################# (mailtrck.hp.com [192.151.81.15])
by ################# (Postfix) with ESMTP id 8AA8137CDA
for <#################>; Tue, 28 Oct 2003 00:33:22 +0100 (CET)
Received: ################# (address [127.0.0.1])
by receive-from-antispam-filer (Postfix) with SMTP id 76CC332E42
for <#################>; Mon, 27 Oct 2003 15:38:43 -0800 (PST)
Received: from outgoing3.securityfocus.com
(outgoing3.securityfocus.com [205.206.231.27])
by ################# (Postfix) with ESMTP id 3BC2F32E3B
for <#################>; Mon, 27 Oct 2003 15:38:43 -0800 (PST)
Received: from lists2.securityfocus.com (lists2.securityfocus.com
[205.206.231.20])
by outgoing3.securityfocus.com (Postfix) with QMQP
id 4476EA3116; Mon, 27 Oct 2003 15:35:00 -0700 (MST)
Received: (qmail 22875 invoked from network); 27 Oct 2003 16:24:54
-0000
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
From: Craig Holmes <Leusent@absolut.intellihost.ca>
Reply-To: leusent@link-net.org
To: bugtraq@securityfocus.com
Subject: Re: a dangerous fast spreading (yet simple) trojan horse.
Date: Mon, 27 Oct 2003 18:30:41 -0400
User-Agent: KMail/1.5.3
References: <000f01c39ced$e5abce50$0900000a@whitestar>
<3F9D4B2F.3080903@scention.de>
In-Reply-To: <3F9D4B2F.3080903@scention.de>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200310271730.41236.Leusent@absolut.intellihost.ca>
X-PMX-Version: 4.0.4.76838
I also noticed this on irc. I grabbed a copy of the file before it
was taken
off line if anyone has any interest in seeing it:
http://gearbox.gearbolt.net/files/security/cap/britney.jpg
Note that I have commented out the function call that start the
exploitation
to keep anyone from using my box to spread this virus.
Craig Holmes
--
KMail: 1.5.3
Linux Weltall.gearbolt.net 2.4.20 #4 Sat Sep 27 18:55:34 EDT 2003
i686 AMD
Athlon(TM) XP 1800+ AuthenticAMD GNU/Linux