JPEG Virus
Spicer, Kevin
Kevin.Spicer at BMRB.CO.UK
Tue Sep 28 15:35:13 IST 2004
Symantec seems to detects the exploit too (I tried it the other day on
the poc file)
-----Original Message-----
From: Jeff A. Earickson [mailto:jaearick at COLBY.EDU]
Sent: 28 September 2004 15:11
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: JPEG Virus
I went to the web site, downloaded the virus they had posted, and fed it
to both Sophos and Clam (08.80rc3). Both detected it, as:
=== Checking virus-jpeg.zip with Sophos sweep
>>> Virus 'Exp/MS04-028' found in file virus-jpeg.zip/possibleVirus.jpg
=== Checking virus-jpeg.zip with ClamAV clamscan Scanning virus-jpeg.zip
virus-jpeg.zip: Exploit.JPEG.Comment FOUND
So at least the anti-virus people are not snoozing...
Jeff Earickson
Colby College
On Tue, 28 Sep 2004, Spicer, Kevin wrote:
> Date: Tue, 28 Sep 2004 09:35:36 +0100
> From: "Spicer, Kevin" <Kevin.Spicer at BMRB.CO.UK>
> Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: JPEG Virus
>
> Looks like the first jpeg virus has hit. Theres a discussion going on
> on Slashdot right now. Easynews found it in a couple of usenet posts.
> See here for their analysis....
> http://www.easynews.com/virus.html
>
>
>
> BMRB International
> http://www.bmrb.co.uk
> +44 (0)20 8566 5000
> _________________________________________________________________
> This message (and any attachment) is intended only for the recipient
> and may contain confidential and/or privileged material. If you have
> received this in error, please contact the sender and delete this
> message immediately. Disclosure, copying or other action taken in
> respect of this email or in reliance on it is prohibited. BMRB
> International Limited accepts no liability in relation to any personal
> emails, or content of any email which does not directly relate to our
> business.
>
>
>
> ------------------------ MailScanner list ------------------------ To
> unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
More information about the MailScanner
mailing list