[Full-Disclosure] new worm - "warm-pussy.jpg".
I.R. van Dongen
vdongen at hetisw.nl
Thu Nov 13 08:00:13 GMT 2003
On Wed, Nov 12, 2003 at 02:36:41PM -0500, segfault wrote:
> You idiot. Just because a file is called warm-pussy.jpg, doesn't mean that
> the webserver it resides on isn't going to parse its actual content (which
> is probably plaintext). Look again, I'm sure you'll be surprised.
> Contents of warm-pussy.jpg:
I edited the source to make it harmless (putty from official website
instead of virus) and fixed the dependency on existence of c:\windows.
For those who want to see how it works:
I tested on 3 volunteers and 1 reported a virus scanner (can't remember
which one) reporting VBS/Psyme.
Either test on a fast line, or allow enough time for putty to download.
Ivo van Dongen