The FTP site that was hosting the files was taken down. If anyone would like to take a peek at the files used (for educational purposes only of course), let me know off list. I grabbed a copy.

I'd also have to agree with Gerry. This doesn't replicate or spread once executed - it just exploits the local machine, installing a trojan/irc-bot, then connecting back. Still the first of its kind that I'd seen.

--
Peace.
~G

On Mon, 27 Sep 2004 15:45:10 -0400, Gerry Eisenhaur <geisenhaur@xxxxxxxxx> wrote:
> It's not a virus, just a connect back (82.1.163.241:55000) cmd shell
> exploit.
>
> /gerry
>
> Ben wrote:
> > Allo,
> >
> > There is now a GDI+ jpeg exploiting virus in the wild. It was posted
> > on Mon, 27 Sep 2004 01:25:52 GMT via NNTP to multiple news groups by a
> > single person.
> >
> > See the following for details:
> > http://www.easynews.com/virus.txt
> >
> > You can see the virus here:
> > http://easynews.com/test/possiblevirus.jpg.gz
> >
> >
> > - IsolationX
> >
> >
> --
> Gerald Eisenhaur
> Cisco Systems, Inc.
> 1414 Massachusetts Ave.
> Boxborough, Massachusetts 01719
> voice: 978.936.0465
> geisenhaur@xxxxxxxxx