Doesn't work in Mozilla v1.3.1 on Xandros v1.1 either, though the message was "(111) Connection refused" by http://mitglied.lycos.de/mycutewebspace, maybe they don't like Mozilla? :-)
Our proxy shows the following path when you click the link: http://freedns.afraid.org/blank.html http://mitglied.lycos.de/mycutewebspace http://207.46.110.24/gateway/gateway.dll? Cheers, Dan -----Forwarded Message----- From: Paul Schmehl <[EMAIL PROTECTED]> To: Gadi Evron <[EMAIL PROTECTED]>, [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] another Trojan with the ADO hole? + a twist in the story Date: 31 Jan 2004 14:24:21 -0600 --On Saturday, January 31, 2004 7:35 PM +0200 Gadi Evron <[EMAIL PROTECTED]> wrote: > The past Trojan horses which spread this way took advantage of the fact > web servers send an HTML 404 message if a file doesn't exist. > > The original sample - britney.jpg - was simply an html file itself, and > using that fact, and IE loading it. It was combined with one of the > latest exploits of the time (I don't think MS patched it yet), and > downloaded the Trojan horses. > > This time around there is actually a picture on the web page, of a real > honest to God girl. But in another frame.. the same story all over again. > > For blocking purposes, the (un-safe) URL is: http://ut.uk.to/cs.jpg . Didn't work on my Titanium using Safari. The girl was....uh....well-endowed. :-) Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
