> FYI - Norton AV now picks this up. > > > Scan type: Realtime Protection Scan > Event: Virus Found! > Virus name: XMLid.Exploit > File: C:\XXXXX\Local Settings\Temporary Internet > Files\Content.IE5\C9IVKTMJ\simplebind[1].htm > Location: Quarantine > Computer: XXXXXX > User: XXXXXX > Action taken: Clean failed : Quarantine succeeded : Access denied > Date found: Fri Mar 15 19:46:32 2002 > > madness. My PC CILLIN 2000 also detected the malformed "jpg" files in my temporary folder... Just as your norton, it placed the files under quarentine. The bad news is that the "malicius web code" scanner is not looking for this "jpg" files in real time (when you are browsing the web). Regards, Felipe ......... While trying to execute something like: "c:/command.com /c echo bin > test", "c:/command.com /c echo GET trojan.exe >> test", "c:/windows/ftp.exe ...." I came up with something interesting: This bug will NOT execute '.com' files. Maybe it's worth trying to execute '.bat' files before attempting to place batch files on the victim's computer in order to pass parameters. I found this out by discovering that it will not execute "c:/command.com", so if I'm wrong on my statement, please for- give me... I'm very tired and I'm going to bed now. No more tests for today. my $.02... Regards, Felipe
This archive was generated by hypermail 2b30 : Sun Mar 17 2002 - 00:06:10 PST