for those that think jpgs are "safe"

open this in IE:

http://www.nero-online.org/norway.jpg


--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness? as the new industry standard..."

"...I see stupid people."

Colonel Flagg

On Tue, 11 Nov 2003 18:36:37 -0500, Colonel Flagg
<> wrote:

>open this in IE:
>
>http://www.nero-online.org/norway.jpg

Hmmm I'm glad its harmless.

well spotted.
--
Jim Watt http://www.gibnet.com

Jim Watt

I clicked the link and IE comes up with a page with which says Last Measure
of Last Measure. What did you think I would see???

"Colonel Flagg" <> wrote in
message news:.. .
> open this in IE:
>
> http://www.nero-online.org/norway.jpg
>
>
> --
> Colonel Flagg
> http://www.internetwarzone.org/
>
> Privacy at a click:
> http://www.cotse.net
>
> Q: How many Bill Gates does it take to change a lightbulb?
> A: None, he just defines Darkness? as the new industry standard..."
>
> "...I see stupid people."

John E. Carty

So what did it do? I opened it in IE and just got a page with Last Measure
of Last Measure!

"Jim Watt" <_way> wrote in message
news:...
> On Tue, 11 Nov 2003 18:36:37 -0500, Colonel Flagg
> <> wrote:
>
> >open this in IE:
> >
> >http://www.nero-online.org/norway.jpg
>
> Hmmm I'm glad its harmless.
>
> well spotted.
> --
> Jim Watt http://www.gibnet.com

John E. Carty

In article <1Pesb.37537$>,
says...
> I clicked the link and IE comes up with a page with which says Last Measure
> of Last Measure. What did you think I would see???
>
> "Colonel Flagg" <> wrote in
> message news:.. .
> > open this in IE:
> >
> > http://www.nero-online.org/norway.jpg
> >
> >
> > --
> > Colonel Flagg
> > http://www.internetwarzone.org/
> >
> > Privacy at a click:
> > http://www.cotse.net
> >
> > Q: How many Bill Gates does it take to change a lightbulb?
> > A: None, he just defines Darkness? as the new industry standard..."
> >
> > "...I see stupid people."
>
>
>


it's an iframe exploit with a trojan in it.... I do hope you're not
infected and that you're using a good anti-virus.





from F-Secure Event Log:

Malicious code found in file C:\Documents and Settings\xxxxxx\Local
Settings\Temporary Internet Files\Content.IE5\72CZNTWT\norway[1].jpe.

Infection: Trojan.VBS.IFrame
Action: The file was deleted.




--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness? as the new industry standard..."

"...I see stupid people."

Colonel Flagg

"John E. Carty" <> wrote in
news:05fsb.37542$:

[top-post corrected]
> "Jim Watt" <_way> wrote in message
> news:...
>> On Tue, 11 Nov 2003 18:36:37 -0500, Colonel Flagg
>> <> wrote:
>>
>> >open this in IE:
>> >
>> >http://www.nero-online.org/norway.jpg
>>
>> Hmmm I'm glad its harmless.
>>
>> well spotted.
>
> So what did it do? I opened it in IE and just got a page with Last
> Measure of Last Measure!

Looks like it's just meant to be an annoyance which recursively opens
a page inside some IFRAMEs. The IFRAMEs then loads up pictures from
goatse.cx. (Don't bother going to goatse.cx...just take my word for
it that it's unpleasant.) I wouldn't call this a trojan, or even
anything that could be harmful...just something someone could use to
be annoying.

dkg_ctc

In article <Xns9430CD392B3F2dkgctc@130.133.1.4>,
says...
> "John E. Carty" <> wrote in
> news:05fsb.37542$:
>
> [top-post corrected]
> > "Jim Watt" <_way> wrote in message
> > news:...
> >> On Tue, 11 Nov 2003 18:36:37 -0500, Colonel Flagg
> >> <> wrote:
> >>
> >> >open this in IE:
> >> >
> >> >http://www.nero-online.org/norway.jpg
> >>
> >> Hmmm I'm glad its harmless.
> >>
> >> well spotted.
> >
> > So what did it do? I opened it in IE and just got a page with Last
> > Measure of Last Measure!
>
> Looks like it's just meant to be an annoyance which recursively opens
> a page inside some IFRAMEs. The IFRAMEs then loads up pictures from
> goatse.cx. (Don't bother going to goatse.cx...just take my word for
> it that it's unpleasant.) I wouldn't call this a trojan, or even
> anything that could be harmful...just something someone could use to
> be annoying.
>



sorry. wrong again. that was an *example* of what *could* happen if you
actually load it with something more malicious. use a proper anti-virus
and it will find it.




--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness? as the new industry standard..."

"...I see stupid people."

Colonel Flagg

Colonel Flagg <> wrote in
news::

> open this in IE:
>
> http://www.nero-online.org/norway.jpg

And does this work if Install On Demand is not enabled?

donutbandit

"Colonel Flagg" <> wrote in
message news:.. .
> In article <1Pesb.37537$>,
> says...
> > I clicked the link and IE comes up with a page with which says Last
Measure
> > of Last Measure. What did you think I would see???
> >
> > "Colonel Flagg" <> wrote in
> > message news:.. .
> > > open this in IE:
> > >
> > > http://www.nero-online.org/norway.jpg
> > >
> > >
> > > --
> > > Colonel Flagg
> > > http://www.internetwarzone.org/
> > >
> > > Privacy at a click:
> > > http://www.cotse.net
> > >
> > > Q: How many Bill Gates does it take to change a lightbulb?
> > > A: None, he just defines Darkness? as the new industry standard..."
> > >
> > > "...I see stupid people."
> >
> >
> >
>
>
> it's an iframe exploit with a trojan in it.... I do hope you're not
> infected and that you're using a good anti-virus.
>


No and No ;D

Also, it did nuffin but b0rked my MSIE heh, isnt it just a modified version
ofm y :
http://alt26.go.ro/execute.jpg ?
That has been featured in the in millions of threads we;ve had on whether
jpgs are dangerous ?


--
Mimic

"Without Knowledge you have fear, With fear you create your own nightmares."
"There are 10 types of people in this world. Those that understand Binary,
and those that dont."
"C makes it easy to shoot yourself in the foot. C++ makes it harder, but
when you do, it blows away your whole leg"

Mimic

In article <bos8ee$95g$>, says...
> Colonel Flagg <> wrote in
> news::
>
> > open this in IE:
> >
> > http://www.nero-online.org/norway.jpg
>
> And does this work if Install On Demand is not enabled?
>


it works if you're not a guru and you haven't made a change to the
security of your IE... just like 90% or more end-users out there.

the people writing this stuff isn't targetting guru's, they're
targetting the millions of people out there that are wide open to
exploitation. quit thinking just about yourself and yours, start
considering the other folks out there that have no clue.



--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness? as the new industry standard..."

"...I see stupid people."

Colonel Flagg