This was sent out on FD this morning as a password protected ZIP file. I downloaded a copy via wget, both my proxy AV and my desktop AV were able to detect it as a MS04-028 expolit.
The story was also posted to Slashdot.org last night -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barrie Dempster Sent: Tuesday, September 28, 2004 3:16 PM To: Barry Fitzgerald Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] JPEG GDI On Tue, 2004-09-28 at 19:56, Barry Fitzgerald wrote: > Yep - in fact I was reading this morning on http://isc.sans.org/ that > one was just found on an adult newsgroup. > > -Barry Indeed Barry, heres more information on that for you or others interested http://easynews.com/virus.html I know the file itself has already been posted to the list but this link gives some preliminary analysis of if it too, which shows it as a trojan infection vector and not really a virus in the traditional sense. -- Barrie Dempster (zeedo) - Fortiter et Strenue http://www.bsrf.org.uk [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html