!!! att.VIRUS or trojan ! Re: Sorta silly dc motor question

Spajky
READ carefully, Notice also for "colin" !!!
=================================

Re: Sorta silly dc motor question "colin"
<no.spam.for.me@ntlworld.com>
<6Eg9d.894$_d4.393@newsfe3-gui.ntli.net>

Path:
uni-berlin.de!fu-berlin.de!newsfeed.stueberl.de!news-in.ntli.net!newsrout1-win.ntli.net!ntli.net!newspeer1-win.ntli.net!newsfe3-gui.ntli.net.POSTED!53ab2750!not-for-mail
From: "colin" <no.spam.for.me@ntlworld.com>
Newsgroups: sci.electronics.basics
References: <ik2bm05vs4vm524ofa2u1qbmohmlt94iii@4ax.com>
Subject: Re: Sorta silly dc motor question

I am using Forte Agent, v.1.9 only as a news reader w/ Win98Se Eng,
Nod AV trial freshly installed & not using OE

The problematic message has posting mark: 7th Oct. 2004 at 21:18 & is
contained in file 00006f35.dat in Agent's Data folder !!! It is kinda
text script shit, so AV may not detect it (mine does not!) as a
trojan/virus!

Symptoms:

if you open that message it seems empty & if you wanna see all header
info, there is only seen upper code starting from Path: .. & nothing
more /the script code is hidden!/. When the trojan activates (don't
know how!), it overwrites/makes Autoexec.bat in the C:\ (root)
containing code to start using looks like MS OE v.6.xxx (sorry, forgot
to save its contents for record! since I replaced it immediately with
healthy one) to spread itself further. May be also bug in Forte Agent
to help it spread around, don't know.

It looks like it has a delayed activation, since yesterday
I was not reading news & restarted few times the PC, but did an AV
scan & reported that something is active, but AV could not clean it as
it looks & I did not check the log later, since I run again check for
other folders.

This morning I started a PC & after starting loading WIN stopped with
a lot of DOS error messages on the screen (since I do not use OE!)
like follows:


C:\>es: 39
Bad command or file name

C:\>X-Priority: 3
Bad command or file name

C:\>X-MSMail-Priority: Normal
Bad command or file name

C:\>X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
Bad command or file name

C:\>X-MimeOLE: Produced By Microsoft MimeOLE V.6.00.2800.1409
Bad command or file name

C:\>Message-ID: <6Eg9d.894$_d4.393@newsfe3-gui.ntli.net>
Bad command or file name

C:\>Date: Thu, 07 Oct 2004 19:18:26 GMT

invalid date
Enter new date (yy.mm.dd):


[followed by blinking cursor and stopped!]

Replacing the registry did NOT help, so I successfully rebooted &
started Win in SAFE mode & got the idea to check my Autoexec.bat in
Notepad manually where inside I found the shit preventing me to start
my Win!

So the solution (if this happens to you) is to:

- find & delete that post in Agent (at least the body, but wise the
whole message) or in any other newsreader (check & empty
eventual newsreader's Deleted folder too!)

- delete/replace Autoexec.bat (if you need it, hope you have
a backUp of it, like I do)

This post was also sent to Eset AV company thru mail with attached
that offending file ...


.... Others can also check somehow the hidden code contained in that
file/posted message ...







--
Regards, SPAJKY ®
& visit my site @ http://www.spajky.vze.com
"Tualatin OC-ed / BX-Slot1 / inaudible setup!"
E-mail AntiSpam: remove ##
 
Spajky <Spajky##@volja.net> wrote:
READ carefully, Notice also for "colin" !!!
=================================

Re: Sorta silly dc motor question "colin"
no.spam.for.me@ntlworld.com
6Eg9d.894$_d4.393@newsfe3-gui.ntli.net
Use unix and be happy.. no virus.
 
On Sat, 09 Oct 2004 12:11:52 -0700, Eric R Snow <etpm@whidbey.com>
wrote:

I posted the original question and Colin replied to it. I have checked
my system and it appears to be clean. Did the trojan/virus come from
my machine?
no !
--
Regards, SPAJKY ®
& visit my site @ http://www.spajky.vze.com
"Tualatin OC-ed / BX-Slot1 / inaudible setup!"
E-mail AntiSpam: remove ##
 
On Sun, 10 Oct 2004 00:19:34 +0200, Spajky <Spajky##@volja.net> wrote:

On Sat, 09 Oct 2004 12:11:52 -0700, Eric R Snow <etpm@whidbey.com>
wrote:

I posted the original question and Colin replied to it. I have checked
my system and it appears to be clean. Did the trojan/virus come from
my machine?

no !
Thank You. That's a relief!
Eric
 
"me" <me@here.net> wrote in message
news:Xns957E1EA535C42meherenet@216.65.98.75...
it always worries me because i always find any anti virus thing is just
too restrictive and has caused me more hassle over the years than any
virus so far, so i always end up disabling it, which with nav is tricky
it seems to re enable itself from time to time :eek: bit like a virus
itself, must be on more machines than any other virus so far i guess.

Colin =^.^=


You are fooling yourself. If you want to take the serious risk of
total/partial loss of data, time lost (specially for business) while you
are not getting/processing or shipping orders because your computers
don't work, or loss of private information that is being taken from your
computer without your knowledge (use a firewall!!, hardware is best over
all), then by all means just remove the programs and quit crying.

There are some AV programs that are better than others. McAfee was
great for the first two or three then got to be a right pain in the rear.
Norton AV is good if you stay away from any 20xx versions.


----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet
News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! >100,000
Newsgroups
---= East/West-Coast Server Farms - Total Privacy via Encryption =---

Im not fooling myself neither am i crying to anyone, nor am i affected by a
virus at this time, im just simply stating my own personal experiences and
preferences and frustration with shoddy/defective software, (not to mention
the hackers)

But fortunately im not in the position of taking online orders running a
website etc etc... but i use this pc mostly playing for online games and i
find most firewalls AV software etc get in the way, particularly when you
just about to kill the big boss in the game with a load of mates and all of a
sudden the NAV pop up comes on and takes over your system, when you manage to
cancel it and get back into game you find youve died and lost some nice
item or other ... not to mention the huge loss in performance when NAV
decides to check every file as you write it to disk. you can turn all this
off but not all from within the program. now i got it to just sit there and
behave and just let it out when i feel like it.

No matter how much of a techno geek you are its foolish to think you are
perfectly safe with the stream of security vulnerabilities that are
constantly addressed in products. i was mentioning jpg images because a while
ago people were laughing at the thought of being able to do this, now it is
a reality.

As for 'hardware solutions' they are totally dependent on software too and
hence regular updates too, thats if they actually detect viruses rather than
just blocking ports, but the fact that its a separate machine makes a big
difference as its far less likely a virus will get through and/or attack two
separate and dissimilar systems and propagate to other systems, many people
swear by a pc running unix as a good firewall. it is always the most popular
software that gets attacked most, however unix isnt necessarily 100% safe
either.

Colin =^.^=
 
On Sat, 09 Oct 2004 20:30:31 GMT, "colin"
<no.spam.for.me@ntlworld.com> wrote:

I just looked at the post i made and am now viewing the source of it but
there doesnt seem to be any code in it at all as it appears in OE having got
it from my NTL server, it looks perfectly ordinary. however im running a
virus scan.
I did it too, but no positive identification; I searched the Agent's
Data folder with WinExplorer for a file containing text
<6Eg9d.894$_d4.393@newsfe3-gui.ntli.net>, which revealed that
mentioned agent file; then I just opened it with a text editor to see
the code: it looks like a sorting of a bunch multimedia system files
listed from my system mixed with garbled signs & kernel commands
Quite a lot of stuff!

& that listed text can not be copy pasted to a text editor (or here!)
- interesting!

maybe its some virus thats somehow attached itself to it on your
system or news server? or maybe you just had a file system corruption ?
I don't know...

looks
like autoexec.bat has been overwritten with the headers of the news article.
no , IIRC inside that "new" Autoexec.bat there was around 10 lines of
code to IMHO starting kinda server (for calling home?)

those system messages are the result of the system trying to execute the
simple headers of the news article and are totally benign. The 'Date' part is
just simply a header to signify the date of the post, and just happens to be
a system command thats expecting you to enter the current date/time and will
wait until you do so. strange though, its worrying with these new jpg viruses
as well...
Yeah, maybe I picked up one of those *.jpg trojans ... who knows.

(4 months ago I picked a new unknown version of some trojan/remote
controller with very unique "features" which my AV did not recognize
it; I also sent to the AV company the sample with complete description
what it did to me & how I got rid of it, but still took them almost a
month after before they put it into AV database so that AV program
could detect it after updated) . I thought that they would do it
sooner .. :-(

Well, this time again I saved myself from disaster, what the hell I
keep & update AV software, just to fill my HD space? Damn ...

--
Regards, SPAJKY ®
& visit my site @ http://www.spajky.vze.com
"Tualatin OC-ed / BX-Slot1 / inaudible setup!"
E-mail AntiSpam: remove ##
 
"Spajky" <Spajky##@volja.net> wrote in message
news:ngngm0l6eekk6fiiel314lq4ukt4881ab8@4ax.com...
On Sat, 09 Oct 2004 20:30:31 GMT, "colin"
<no.spam.for.me@ntlworld.com> wrote:

I just looked at the post i made and am now viewing the source of it but
there doesnt seem to be any code in it at all as it appears in OE having got
it from my NTL server, it looks perfectly ordinary. however im running a
virus scan.

Well i ran nav and it didnt find much, found something in 1 file that was a
.tmp file in my internet cache, cant see how it was active tho,
read something about how things can take over OE by using a malformed field
lol, geez i wish MS would employ some decent managers to make sure their
programmers always check for array bounds or whatever the issue is.

it always worries me because i always find any anti virus thing is just too
restrictive and has caused me more hassle over the years than any virus so
far, so i always end up disabling it, which with nav is tricky it seems to re
enable itself from time to time :eek: bit like a virus itself, must be on more
machines than any other virus so far i guess.

Colin =^.^=
 
On 10 Oct 2004 02:51:49 -0500, me <me@here.net> wrote:

it always worries me because i always find any anti virus thing is just
too restrictive and has caused me more hassle over the years than any
virus so far, so i always end up disabling it,

You are fooling yourself. If you want to take the serious risk of
total/partial loss of data, time lost (specially for business) while you
are not getting/processing or shipping orders because your computers
don't work, or loss of private information that is being taken from your
computer without your knowledge (use a firewall!!, hardware is best over
all), then by all means just remove the programs and quit crying.
I agree also, but no software is perfect so I opt also for hardware &
software redundancy! That's why I have another spare old PC with
minimum all needed for emergencies sitting under my desk for fast
proceeding if disaster happens (example: lightning strike 4 months ago
even if on surge protectors - hit neighbor's house 10m away, I ended
with very small damage)

I make backUps quite frequently on a spare HD (keeping it away!) &
also have a "Ghosted" system. This I also recommend to all ...

So, if something happens for example, I can be on the Net very fast
again (matter of minutes.. ) :)
--
Regards, SPAJKY ®
& visit my site @ http://www.spajky.vze.com
"Tualatin OC-ed / BX-Slot1 / inaudible setup!"
E-mail AntiSpam: remove ##
 
On Mon, 11 Oct 2004 13:31:41 -0700, Jamie
<jamie_5_not_valid_after_5_Please@charter.net> wrote:

you must be careful using IE,
I know ... :)
--
Regards, SPAJKY ®
& visit my site @ http://www.spajky.vze.com
"Tualatin OC-ed / BX-Slot1 / inaudible setup!"
E-mail AntiSpam: remove ##
 
it always worries me because i always find any anti virus thing is just
too restrictive and has caused me more hassle over the years than any
virus so far, so i always end up disabling it, which with nav is tricky
it seems to re enable itself from time to time :eek: bit like a virus
itself, must be on more machines than any other virus so far i guess.

Colin =^.^=

You are fooling yourself. If you want to take the serious risk of
total/partial loss of data, time lost (specially for business) while you
are not getting/processing or shipping orders because your computers
don't work, or loss of private information that is being taken from your
computer without your knowledge (use a firewall!!, hardware is best over
all), then by all means just remove the programs and quit crying.

There are some AV programs that are better than others. McAfee was
great for the first two or three then got to be a right pain in the rear.
Norton AV is good if you stay away from any 20xx versions.


 
Spajky wrote:

On Sat, 09 Oct 2004 20:30:31 GMT, "colin"
<no.spam.for.me@ntlworld.com> wrote:

those system messages are the result of the system trying to execute the
simple headers of the news article and are totally benign. The 'Date' part is
just simply a header to signify the date of the post, and just happens to be
a system command thats expecting you to enter the current date/time and will
wait until you do so. strange though, its worrying with these new jpg viruses
as well...


Yeah, maybe I picked up one of those *.jpg trojans ... who knows.

(4 months ago I picked a new unknown version of some trojan/remote
controller with very unique "features" which my AV did not recognize
you must be careful using IE, they may have corrected but it was once
possible for a server to pass back to you a VBS or EXE file when you
requested was a xxxx.jpg
IE would allow the content after the header to be accepted and
executed without notifying you that it didn't match your original
request post, or the other trick was a redirection at the URL which
IE would lose track and execute whatever was sent to you.
this is one major reason i use Netscape most of the time.
 
On Sat, 09 Oct 2004 11:04:38 +0200, Spajky <Spajky##@volja.net> wrote:

READ carefully, Notice also for "colin" !!!
=================================

Re: Sorta silly dc motor question "colin"
no.spam.for.me@ntlworld.com
6Eg9d.894$_d4.393@newsfe3-gui.ntli.net

I posted the original question and Colin replied to it. I have checked
my system and it appears to be clean. Did the trojan/virus come from
my machine?
Thanks,
Eric
 
"Spajky" <Spajky##@volja.net> wrote in message
news:s6afm0t5qgc6hsn1uk2ut36lu9gv5bj40k@4ax.com...
READ carefully, Notice also for "colin" !!!
=================================

Re: Sorta silly dc motor question "colin"
no.spam.for.me@ntlworld.com
6Eg9d.894$_d4.393@newsfe3-gui.ntli.net

I just looked at the post i made and am now viewing the source of it but
there doesnt seem to be any code in it at all as it appears in OE having got
it from my NTL server, it looks perfectly ordinary. however im running a
virus scan. maybe its some virus thats somehow attached itself to it on your
system or news server? or maybe you just had a file system corruption ? looks
like autoexec.bat has been overwritten with the headers of the news article.
those system messages are the result of the system trying to execute the
simple headers of the news article and are totally benign. The 'Date' part is
just simply a header to signify the date of the post, and just happens to be
a system command thats expecting you to enter the current date/time and will
wait until you do so. strange though, its worrying with these new jpg viruses
as well...

Colin =^.^=
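
The diagnosis in the post above (a startup file whose lines are article headers, one of which happens to be a command that waits for input) can be checked mechanically. The following is an added example, not code from anyone in the thread; the function name, the 50% threshold and the healthy sample are assumptions, and the overwritten sample is rebuilt from the console output quoted in the first post.

```python
import re

# A news/mail header line looks like "Name: value".
HEADER_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):\s+\S")

# Header names that the DOS shell also treats as a command which stops and
# waits for keyboard input. The thread shows this for "Date:"; TIME is
# included as an assumption because it prompts the same way.
BLOCKING_COMMANDS = {"date", "time"}

# Rebuilt from the "C:\>" lines quoted in the thread (first line is truncated
# there as well).
SAMPLE_OVERWRITTEN = """\
es: 39
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
X-MimeOLE: Produced By Microsoft MimeOLE V.6.00.2800.1409
Message-ID: <6Eg9d.894$_d4.393@newsfe3-gui.ntli.net>
Date: Thu, 07 Oct 2004 19:18:26 GMT
"""

# Constructed sample of an ordinary startup file, for comparison.
SAMPLE_HEALTHY = r"""@ECHO OFF
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
C:\WINDOWS\COMMAND\DOSKEY.COM
REM constructed example, not taken from the thread
"""


def triage(text, threshold=0.5):
    """Classify the non-blank lines of a batch file.

    Returns how many lines are header-shaped, which of them would block the
    boot waiting for input, and whether the file as a whole looks like a
    pasted article rather than a batch script.
    """
    lines = [(n, raw.strip())
             for n, raw in enumerate(text.splitlines(), 1) if raw.strip()]
    headers, blocking = [], []
    for number, line in lines:
        match = HEADER_RE.match(line)
        if not match:
            continue
        name = match.group(1)
        headers.append((number, name))
        if name.lower() in BLOCKING_COMMANDS:
            blocking.append((number, name))
    ratio = len(headers) / len(lines) if lines else 0.0
    return {
        "lines": len(lines),
        "header_lines": len(headers),
        "blocking": blocking,
        "looks_like_article": ratio >= threshold,
    }


if __name__ == "__main__":
    for label, sample in (("overwritten", SAMPLE_OVERWRITTEN),
                          ("healthy", SAMPLE_HEALTHY)):
        print(label, triage(sample))
```

A file flagged this way says nothing about how it came to be overwritten; it only separates "headers executed as commands" from a script that was written to do something.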
 
On Monday 11 October 2004 01:31 pm, Jamie did deign to grace us with the
following:
Spajky wrote:

Yeah, maybe I picked up one of those *.jpg trojans ... who knows.

(4 months ago I picked a new unknown version of some trojan/remote
controller with very unique "features" which my AV did not recognize

you must be careful using IE, they may have corrected but it was once
possible for a server to pass back to you a VBS or EXE file when you
requested was a xxxx.jpg
IE would allow the content after the header to be accepted and
executed without notifying you that it didn't match your original
request post, or the other trick was a redirection at the URL which
IE would lose track and execute whatever was sent to you.
this is one major reason i use Netscape most of the time.
This only happens to the boneheads who let Windoze "hide ms-dos
file extensions", which is the default. I guess Bill & Co. figured
people don't care what kind of file they're clicking on - the OS
will figure it out. Yah, right.

Then, they see a link to "SexyTits.jpg" which is actually SexyTits.jpg.exe,
and they don't see the .exe, because nobody told them about "dos
extensions", and they run the trojan.

AFAIC, it serves their stupid ass right.

Cheers!
Rich
 
Rich Grise wrote:
On Monday 11 October 2004 01:31 pm, Jamie did deign to grace us with the
following:

Spajky wrote:


Yeah, maybe I picked up one of those *.jpg trojans ... who knows.

(4 months ago I picked a new unknown version of some trojan/remote
controller with very unique "features" which my AV did not recognize

you must be careful using IE, they may have corrected but it was once
possible for a server to pass back to you a VBS or EXE file when you
requested was a xxxx.jpg
IE would allow the content after the header to be accepted and
executed without notifying you that it didn't match your original
request post, or the other trick was a redirection at the URL which
IE would lose track and execute whatever was sent to you.
this is one major reason i use Netscape most of the time.


This only happens to the boneheads who let Windoze "hide ms-dos
file extensions", which is the default. I guess Bill & Co. figured
people don't care what kind of file they're clicking on - the OS
will figure it out. Yah, right.

Then, they see a link to "SexyTits.jpg" which is actually SexyTits.jpg.exe,
and they don't see the .exe, because nobody told them about "dos
extensions", and they run the trojan.

AFAIC, it serves their stupid ass right.

Cheers!
Rich
Rich,

Unfortunately you don't have to be that stupid anymore. An MS security
flaw makes it possible to hide executable code inside an actual JPEG image.

http://news.bbc.co.uk/1/hi/technology/3701640.stm

--
-----------------------------------------------------------------------
To reply to me directly:

Replace privacy.net with: totalise DOT co DOT uk and replace me with
gareth.harris
 
Rich Grise wrote:
This only happens to the boneheads who let Windoze "hide ms-dos
file extensions", which is the default. I guess Bill & Co. figured
people don't care what kind of file they're clicking on - the OS
will figure it out. Yah, right.

Then, they see a link to "SexyTits.jpg" which is actually SexyTits.jpg.exe,
and they don't see the .exe, because nobody told them about "dos
extensions", and they run the trojan.

AFAIC, it serves their stupid ass right.

Cheers!
Rich
you missed the main point!
i am sure MS has corrected it now.
you could at one time request a simple image.jpg manually typed if you
wanted to in the URL line to a specific link. IE would not check the
return header to ensure it was a Jpg like requested in the URL line that
one could manually type or click to ..
the end result was, you could get a VBS or EXE file to execute because
IE would not make sure commonly known types like jpg matched the actual
incoming.
i tested this myself by setting up a server locally before i
updated IE and yes, i was able to send back EXE code by simply having my
server send back the EXE file instead of the jpg request without IE
even notifying you or trying to treat the EXE as a real jpg image which
would cause an error of course..
etc..
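
The two problems argued over above (a name ending in .jpg.exe shown with its last extension hidden, and a response for image.jpg whose header and bytes are not a JPEG) are both things a client or mail/web gateway can check before handing a file on. This is an added example, not code from anyone in the thread; the function names, finding labels and sample bytes are constructed for illustration.

```python
import os

# Leading bytes of the file types the thread talks about.
MAGIC = (
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"MZ", "executable"),  # DOS/Windows .exe header
)
IMAGE_EXT = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif"}
RUNNABLE_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}

# Constructed sample bodies (first bytes only).
JPEG_SAMPLE = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
EXE_SAMPLE = b"MZ\x90\x00\x03\x00\x00\x00"
VBS_SAMPLE = b'MsgBox "constructed sample"\r\n'


def sniff(body):
    """Identify content by its leading bytes, not by its name."""
    for magic, kind in MAGIC:
        if body.startswith(magic):
            return kind
    return "unknown"


def displayed_name(filename):
    """Name a user sees when the last extension is hidden.

    Returns it only when that hides a runnable type behind an image
    extension (x.jpg.exe shown as x.jpg); otherwise returns None.
    """
    stem, last = os.path.splitext(filename)
    inner = os.path.splitext(stem)[1]
    if last.lower() in RUNNABLE_EXT and inner.lower() in IMAGE_EXT:
        return stem
    return None


def check_download(name, content_type, body):
    """Return a list of (finding, detail) for one downloaded file."""
    findings = []
    shown = displayed_name(name)
    if shown:
        findings.append(("double-extension", f"would be shown as {shown!r}"))
    expected = IMAGE_EXT.get(os.path.splitext(name)[1].lower())
    if expected:
        kind = sniff(body)
        if kind != expected:
            findings.append(("content-mismatch",
                             f"name says {expected}, bytes are {kind}"))
        media = (content_type or "").split(";")[0].strip().lower()
        if not media.startswith("image/"):
            findings.append(("header-mismatch",
                             f"name says {expected}, header says {media!r}"))
    return findings


if __name__ == "__main__":
    cases = [
        ("image.jpg", "image/jpeg", JPEG_SAMPLE),
        ("image.jpg", "application/octet-stream", EXE_SAMPLE),
        ("image.jpg", "image/jpeg", VBS_SAMPLE),
        ("holiday.jpg.exe", "application/octet-stream", EXE_SAMPLE),
    ]
    for name, ctype, body in cases:
        print(name, ctype, check_download(name, ctype, body))
```

A file that passes all three checks is still handed to an image decoder, so these checks do not cover the case in the linked BBC article, where the code sits inside a real JPEG.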
 
