
Game Forum / Role Playing Games / EverQuest / September 2004


INFO POST New trojan in the wild via infected pics

DaFox - 29 Sep 2004 01:34 GMT
There is a new trojan being spread via .JPG ( picture ) files, info here:
( Symantec: Norton Anti-Virus site )
http://securityresponse.symantec.com/avcenter/venc/data/trojan.moo.html

Run your Windows Update and install the GDI+ detection tool to see if your system is
exploitable. Install and update the latest anti-virus software you can get... I use
NAV w/ latest updates (Norton Anti-Virus 9.05.15 as part of Norton System Works 2003)
and AVP w/ latest virus definitions (Kaspersky Anti-Virus 3.5.133.0), both of which
can detect before launching and clean this trojan.

This trojan has been spotted in many newsgroups.

--

Dira Idgit , Gnomish Necromancer at large.
 Cazic Thule
http://www.magelo.com/eq_view_profile.html?num=9869  
When E-mailing me, remove the Anti-Spam Device (Super) from my reply address
Visit my little Anime site, DaFox's Den: http://home.att.net/~DaFox/
ICQ:6154582 Haven't got ICQ? Go here: http://www.icq.com/
Revat - 29 Sep 2004 08:07 GMT
>There is a new trojan being spread via .JPG ( picture ) files, info here:
> ( Symantec: Norton Anti-Virus site )
[quoted text clipped - 7 lines]
>
>This trojan has been spotted in many newsgroups.

I did all this and it said it found software that was at risk, but I
don't know what happened after that, it flaked out so I never got a
listing or whatever.

How do I actually run this detection tool by itself?

Cheers,
DaFox - 29 Sep 2004 10:52 GMT
While digging out a new addition to the Den, DaFox found a scrap of parchment. On it,

>>There is a new trojan being spread via .JPG ( picture ) files, info here:
>> ( Symantec: Norton Anti-Virus site )
[quoted text clipped - 15 lines]
>
>Cheers,

Not sure on how to get the tool stand-alone, but go here:
http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx
and check your apps against the lists and you can download patches.
Also read the FAQ section there for more details.

--

Dira Idgit , Gnomish Necromancer at large.
 Cazic Thule
http://www.magelo.com/eq_view_profile.html?num=9869  
When E-mailing me, remove the Anti-Spam Device (Super) from my reply address
Visit my little Anime site, DaFox's Den: http://home.att.net/~DaFox/
ICQ:6154582 Haven't got ICQ? Go here: http://www.icq.com/
DaFox - 29 Sep 2004 10:54 GMT
While digging out a new addition to the Den, DaFox found a scrap of parchment. On it,

>>There is a new trojan being spread via .JPG ( picture ) files, info here:
>> ( Symantec: Norton Anti-Virus site )
[quoted text clipped - 15 lines]
>
>Cheers,

Update: I just found this:
http://www.microsoft.com/downloads/details.aspx?FamilyID=71cd9e74-7142-4780-83e5-ce54401da1d1&displaylang=en

to DL the tool itself.

--

Dira Idgit , Gnomish Necromancer at large.
 Cazic Thule
http://www.magelo.com/eq_view_profile.html?num=9869  
When E-mailing me, remove the Anti-Spam Device (Super) from my reply address
Visit my little Anime site, DaFox's Den: http://home.att.net/~DaFox/
ICQ:6154582 Haven't got ICQ? Go here: http://www.icq.com/
@ndrew - 29 Sep 2004 12:21 GMT
> While digging out a new addition to the Den, DaFox found a scrap of
>
[quoted text clipped - 25 lines]
> http://www.microsoft.com/downloads/details.aspx?FamilyID=71cd9e74-7142
> -4780-83e5-ce54401da1d1&displaylang=en  to DL the tool itself.

Easier just to install SP2; it solves all of those problems, which only
affect SP1.

regards

@ndrew
DaFox - 29 Sep 2004 23:40 GMT
While digging out a new addition to the Den, DaFox found a scrap of parchment. On it,

>Easier just to install SP2 solves all of those problems which only
>affect SP1.
>
>regards
>
>@ndrew

Except it also affects other programs, from various vendors, that can be installed on
an SP2 machine, thus making it vulnerable to this type of trojan again.

--

Dira Idgit , Gnomish Necromancer at large.
 Cazic Thule
http://www.magelo.com/eq_view_profile.html?num=9869  
When E-mailing me, remove the Anti-Spam Device (Super) from my reply address
Visit my little Anime site, DaFox's Den: http://home.att.net/~DaFox/
ICQ:6154582 Haven't got ICQ? Go here: http://www.icq.com/
Tyas_MT - 30 Sep 2004 02:21 GMT
> While digging out a new addition to the Den, DaFox found a scrap of parchment. On it,
>
[quoted text clipped - 7 lines]
> Except it also affects other programs, from various vendors, that can be installed on
> an SP2 machine, thus making it vulnerable to this type of trojan again.

This explains the vulnerability, and points to a different, clearer tool
to tell you that you may or may not have a problem.
http://www.bleepingcomputer.com/forums/topict3077.html

As to what to do if you are vulnerable? Try to get a patch from the
software vendor. You can try replacing the vulnerable DLL files with
fixed versions, but that can break applications dependent on specific
DLL versions. If you handle Office and Windows, you handle about 90% of
the likely exploits. (In order to exploit the vulnerability, it would
have to open the jpg in the vulnerable application.)
@ndrew - 30 Sep 2004 05:58 GMT
> While digging out a new addition to the Den, DaFox found a scrap of
>
[quoted text clipped - 8 lines]
> be installed on a SP2 machine, thus making it vulnerable to this type
> of trojan again.

No, re-read the info .. if you have SP2 installed it will protect you.
Need a link? Can dig it out.

regards

@ndrew
DaFox - 30 Sep 2004 10:43 GMT
While digging out a new addition to the Den, DaFox found a scrap of parchment. On it,

>> While digging out a new addition to the Den, DaFox found a scrap of
>>
[quoted text clipped - 15 lines]
>
>@ndrew

http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx

Scroll down to:
" Note The non-affected versions of Windows do not natively contain the vulnerable
component. However, the vulnerable component is installed on these non-affected
operating systems when you install any of the software programs or components that
are listed in the Affected Software and Affected Components sections of this
bulletin. "

--

Dira Idgit , Gnomish Necromancer at large.
 Cazic Thule
http://www.magelo.com/eq_view_profile.html?num=9869  
When E-mailing me, remove the Anti-Spam Device (Super) from my reply address
Visit my little Anime site, DaFox's Den: http://home.att.net/~DaFox/
ICQ:6154582 Haven't got ICQ? Go here: http://www.icq.com/
@ndrew - 30 Sep 2004 22:42 GMT
> http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx
>
[quoted text clipped - 4 lines]
> any of the software programs or components that are listed in the
> Affected Software and Affected Components sections of this bulletin. "

Apologies, you are right. This is from another Microsoft site:

Important Windows XP Service Pack 2 (SP2) is not affected by the GDI+
issue, and installing Windows XP SP2 eliminates the GDI+ issue in
affected Microsoft developer tools and imaging software. However,
Windows XP SP2 users may have other Microsoft software installed that
requires updating. If you use Windows XP SP2 and Microsoft Office,
please visit the Office Update Web site
<http://office.microsoft.com/officeupdate/> to scan your computer for
needed updates.

http://tinyurl.com/5d6yr

regards

@ndrew
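
The bulletin note quoted in this thread says the vulnerable component can be installed by other software even on a non-affected Windows version. The PowerShell sketch below is an added example, not part of the thread and not Microsoft's detection tool: it lists every copy of gdiplus.dll (the GDI+ library file) under a drive so each can be checked against vendor patches. The `$FixedVersion` parameter and the function name are assumptions; the thread does not state a patched version number, so the default is a placeholder.

```powershell
# Added example: inventory private copies of the GDI+ library (gdiplus.dll).
# $FixedVersion is a placeholder. Take the patched file version from the
# MS04-028 bulletin or the software vendor's advisory before relying on Status.
param(
    [string]$Root = 'C:\',
    [version]$FixedVersion = '0.0.0.0'   # placeholder, not a real threshold
)

function Get-GdiPlusCopies {
    param([string]$Root, [version]$FixedVersion)

    # Applications often ship their own copy next to their executables, so
    # search the whole tree, not only the Windows directory.
    Get-ChildItem -Path $Root -Filter 'gdiplus.dll' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $vi = $_.VersionInfo
            # Use the numeric fields: the FileVersion string can carry extra
            # text after the number and will not always parse as a version.
            $ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                  $vi.FileBuildPart, $vi.FilePrivatePart)
            [pscustomobject]@{
                Path    = $_.FullName
                Version = $ver
                # First-pass check only: different products may ship different
                # version lines, so confirm each hit against its own vendor.
                Status  = if ($ver -lt $FixedVersion) { 'OLDER THAN FIXED' } else { 'ok' }
            }
        }
}

Get-GdiPlusCopies -Root $Root -FixedVersion $FixedVersion |
    Sort-Object Status, Path |
    Format-Table -AutoSize
```

Each path in the output identifies the application that owns that copy, which is the one to patch through its vendor rather than by swapping the DLL by hand.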
 