New bug bites Usenet
p2pnet.net News:- The Jpeg Of Death, the newest virus with a marked taste for Windows jpg processing technology, has zeroed in on Usenet.
"Swany and I wrote a quick and nasty script to scan every jpeg that comes into Easynews.com," says Godzilla, going on:
"It paged my cell phone at 6:47pm PDT on 9/26/2004 for the first hit, and 7:52pm PDT on 9/26/2004 for the second hit.
"Once this JPEG overflowed GDI+, it phoned home, connected to an FTP site and downloaded almost 2 megs of stuff. It installs a trojan that installs itself as a service.
"It also installs radmin (radmin.com) running as ‘r_server’. From the radmin.com site, "With Radmin you can work on a remote computer exactly as if you were right there at its keyboard."
"It phones home to the same IP that is in the Usenet post headers. Then it seems to connect to http://209.171.43.27/www/system/ u/p bawz/pagdba (last time I checked, 93 users were logged in!)"
Definitely watch this space.
(Thanks, Morg)
==================
See:-
newest virus – Jpeg Of Death.c v0.5, p2pnet, September 28, 2004
says Godzilla – Welcome Slashdot, Bugtraq, et al





