Welcome to the Comodo Forum
Welcome,
Guest
. Please
login
or
register
.
September 05, 2008, 10:36:38 PM
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
188841
Posts
22021
Topics
52815
Members
Latest Member:
p123allen
more news...
Search:
Advanced search
|
Tag Cloud
Welcome to the Comodo Forum
Desktop Security Products
Comodo Anti-Viruspyware (CAVS)
Virus/Malware Removal Assistance
New ICQ Worm, Win32\Stration
« previous
next »
Pages:
[
1
]
Author
Topic: New ICQ Worm, Win32\Stration (Read 1685 times)
BullHorn
Comodo's Hero
Offline
Posts: 230
Nexus23
New ICQ Worm, Win32\Stration
«
on:
October 13, 2006, 08:26:56 PM »
It comes as a URL from infected users and leads to a JPG file which, unless protected, runs something somehow and blows everything up.
I didn't get infected, I never do, so I was hoping anybody here was infected and figured a way to clean your system.
Asking for my friends, btw.
Logged
Windows XP SP2
Comodo Personal Firewall 3.0.7.208
NOD32 2.7
kail
Autonomous
Global Moderator
Comodo's Hero
Offline
Posts: 3645
I'm not grumpy, just misunderstood.
Re: New ICQ Worm, Win32\Stration
«
Reply #1 on:
October 13, 2006, 08:54:31 PM »
The JPG file format allows for a hidden data stream. They call data held in these hidden streams metadata. It's meant to be used by authors for their stuff & for cameras to store any picture data. Anyway, long story short.. worms have been found in JPG hidden data streams. I'm not 100% sure how they are executed.. But, I suspect it will be some sort of buffer overflow attempt on the client reading the JPG file (and the metadata) & a subsequent code-injection.. if it succeeds.
Logged
XP Pro+SP3 and Vista Bus+SP1 with CFP 3.0.25.378 & AntiVir PE 8.1 & Firefox 3.0.1
__
Will computers ever be as smart as humans? Probably.. very, very briefly.
kail
Autonomous
Global Moderator
Comodo's Hero
Offline
Posts: 3645
I'm not grumpy, just misunderstood.
Re: New ICQ Worm, Win32\Stration
«
Reply #2 on:
October 13, 2006, 09:17:21 PM »
The following URL is for a tool called JPEGScan & it scans for these hidden data streams.
http://www.diamondcs.com.au/jpegscan/
Logged
XP Pro+SP3 and Vista Bus+SP1 with CFP 3.0.25.378 & AntiVir PE 8.1 & Firefox 3.0.1
__
Will computers ever be as smart as humans? Probably.. very, very briefly.
Rotty
Global Moderator
Comodo's Hero
Offline
Posts: 793
http://www.venganza.org/ - Noodly Appendage
Re: New ICQ Worm, Win32\Stration
«
Reply #3 on:
October 19, 2006, 11:48:28 PM »
If WinXP/2000 is up-to-date this problem has been patched i think.
cheers, rotty
Logged
The opinions expressed in my posts are my own.
They do NOT necessarily represent or reflect the views of my employer.
panic
Global Moderator
Comodo's Hero
Offline
Posts: 5371
... and I say to myself, "What a wonderful world"
Re: New ICQ Worm, Win32\Stration
«
Reply #4 on:
October 20, 2006, 01:14:33 AM »
Quote from: Rotty on October 19, 2006, 11:48:28 PM
If WinXP/2000 is up-to-date this problem has been patched i think.
cheers, rotty
MS patch for this was issued in December 2004. If your friends have been stung, it's because they aren't patched.
Ewen :-)
Logged
As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the
Comodo Forum Policy
.
If you don't like it, don't use the forum.
Tags:
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
** New to the Comodo Forum? Start Here! **
-----------------------------
=> New Member Information
-----------------------------
Want to help Comodo?
-----------------------------
=> Help Spread the Word - Official Comodo banners and logos
=> How can you help Comodo? (Please we do need you!)
===> Help spread the word! (Please read and help)
===> Comodo website issues for submitting website problems only
=> Please tell us your views and Vote here!
-----------------------------
General Category
-----------------------------
=> Melih's Corner - CEO Talk/Discussions/Blog
=> Which Product do you want Comodo to develop next?
=> General Discussion (off topic) Anything and everything...
===> Member Confessions :-)
===> Funny Photos :-)
===> Cool Stuff
-----------------------------
Desktop Security Products
-----------------------------
=> Comodo Firewall
===> Feedback/Comments/Announcements/News
===> Leak Testing/Attacks/Vulnerability Research
===> Help for v3
===> Help for v2
===> Frequently Asked Questions (FAQ) for Comodo firewall
===> Comodo Firewall Translations
===> Bug Reports
=> Comodo Anti-Viruspyware (CAVS)
===> Help for Comodo AntiVirus
===> FAQ for Comodo Anti-ViruSpyware
===> Feedback/Comments/Announcements/News about CAVS
===> Virus/Malware Removal Assistance
=> Comodo BOClean Anti-Malware
===> Announcements
===> Comodo BOClean Anti-Malware FAQ
=> Comodo DiskShield
=> Comodo Disk Encryption
=> Comodo Secure Email (CSE) Product
===> CSE Beta Corner
===> Frequently Asked Questions (FAQ)
===> Feedback/Comments/Announcements/News about CSE
===> Bug Reports
===> Help for Comodo SecureEmail
=> Comodo Memory Firewall(Buffer Overflow Protection)
===> Help
===> Frequently Asked Questions (Comodo Memory Firewall)
===> Feedback/Comments/Announcements/News
=> Comodo TrustConnect - Securing the Wireless world!
=> Comodo SafeSurf and (Comodo's own toolbar)
=> Backup
===> FAQ for Comodo Backup
===> Help
=> Verification Engine (allows you to verify what you see on the Internet)
=> Comodo Vulnerability Analyzer
=> AntiSpam
=> i-Vault
=> Launch Pad
=> Trusttoolbar
-----------------------------
Desktop Utilities
-----------------------------
=> Comodo Registry Cleaner
-----------------------------
Enterprise Security
-----------------------------
=> Comodo Endpoint Security Manager
-----------------------------
Compliance
-----------------------------
=> PCI DSS Compliance
-----------------------------
Learn about Computer Security and Interact with Security Experts
-----------------------------
=> Computer Firewalls
=> Anti Virus/Malware Products/Other Security products
=> Free Virus/Spyware/Trojan/Malware Removal by Comodo Experts
=> HIPS (Host Intrusion Prevention Systems)
=> Anti Phishing solutions
=> Digital Certificates, Encryption and Digital Signing
=> General Security Questions and Comments (not product related)
-----------------------------
Free Services for End Users
-----------------------------
=> UserTrust - First Independent Website Rating - Empowering our users!
=> User Anywhere (Remote Access product)
=> Comodo Meet (Web Conferencing Product)
=> Hacker Guardian
=> Trustfax (free Trial) (online faxing)
-----------------------------
Free Products
-----------------------------
=> Link to Free Comodo Products
-----------------------------
International Comodo Forums
-----------------------------
=> International Comodo Forums
===> 汉语语言, 漢語語言 / Chinese Simplified, Traditional
===> Nederlands / Dutch
===> Francais / French
===> Deutsch / German
===> ελληνικά / Greek
===> Magyar / Hungarian
===> Italiano / Italian
===> Nihongo / Japanese
===> Norsk / Norwegian
===> Polski / Polish
===> Português/Portuguese
===> По-русски / Russian
===> Espanol / Spanish
===> Svenska / Swedish
===> Turkce / Turkish
===> Українська / Ukrainian
===> tiếng Việt / Vietnamese
-----------------------------
Digital Certificates
-----------------------------
=> Code Signing Certificate
=> Content Verification Certificate
=> Email Certificate
=> SSL Certificate
-----------------------------
Web Server Products
-----------------------------
=> Two Factor Authentication for Web Applications
=> Trustlogo
-----------------------------
Infrastructure Products
-----------------------------
=> ZTL
=> Trustix Enterprise Firewall
-----------------------------
Other
-----------------------------
=> Forum Policy Violation Board
Page created in 0.195 seconds with 19 queries.
Powered by SMF 1.1.5
|
SMF © 2006, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks
Design by
7dana.com
Author