[ reiser @ 06.07.2004. 00:34 ] @
|
| http://www.sophos.com/virusinfo/analyses/trojagenta.html
Citat: Troj/Agent-A is a bitmap format (BMP) graphic image file that downloads an executable from a remote website to C:\sys.exe.
At the time of analysis, the file downloaded was a backdoor Trojan horse detected by Sophos as Troj/BDThr-A.
Historically, computer users would not regard BMP files as capable of infecting computers. However, there appears to be a bug in the Microsoft code which handles the Windows BMP file format which can allow executable code held inside the BMP file to be executed.
At the time of writing Microsoft has not yet issued a patch to secure this vulnerability. Troj/Agent-A is only believed to work on the Russian-language version of Microsoft Windows. |
[ Buum @ 06.07.2004. 00:52 ] @
Ovo već može da bude zajebano...
[ reiser @ 06.07.2004. 01:00 ] @
Btw, napada samo ruski Windows
[ Danilo Vukovic @ 06.07.2004. 13:22 ] @
Kaspersky je prvio detektovao takav trojan ( verovatno je to taj)... Inace to za bmp nista novo, o tome se uveliko pricalo kada je izvorni kod windowsa dospeo u siru javnost, jos tad su govorili da postoji takva rupa... I jos tada je kaspersky poceo da radi na mehanizmu za detektovanje takvih virusa...
Zajebano...
[ Sundance @ 07.07.2004. 15:30 ] @
zaaakon...samo sam cekao dan kad ce se nesto ovakvo dogoditi. ukoliko se dogodi da mail filtri budu morali obracati pozornost na sve formate koji su potencijalno exploitabilni, lista formata bi se mogla poprilicno produziti... eh, MS...
Copyright (C) 2001-2024 by www.elitesecurity.org. All rights reserved.