Re: Suspecious JPEG Files

From: Jamie Riden (jamie.riden@gmail.com)
Date: Tue Feb 12 2008 - 07:15:40 EST

• Next message: Tiago Rosado: "Re: Security/Pen-testing Courses?"
• Previous message: Juan B: "cracking sniffed hashs issue"
• In reply to: tclahr@br.ibm.com: "Re: Suspecious JPEG Files"
• Next in thread: Nikhil Wagholikar: "Re: Suspecious JPEG Files"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi all,

I've used cwsandbox with executable files, but I'm not sure if it
would do anything with e.g. a JPEG with a buffer overflow exploit
within. Can someone confirm this?

cheers,
 Jamie

On 08/02/2008, tclahr@br.ibm.com <tclahr@br.ibm.com> wrote:
> http://www.cwsandbox.org/
>
> upload your file over there and see the results... it runs a lot of stuff,
> including filemon, AVs, regmon... etc
>
> Obrigado / Regards
>
> /*
> * Thiago Canozzo Lahr; CEH; LPIC-1;
> * Vulnerability Assessment Specialist;
> * IBM ITDelivery Brazil - Security & Risk Management;
> * Phone: +55 19 2132-7091;
> */
>
>
>
>
> From:
> "Jamie Riden" <jamie.riden@gmail.com>
> To:
> "poddima@yahoo.com" <poddima@yahoo.com>
> Cc:
> pen-test@securityfocus.com
> Date:
> 06/02/2008 18:21
> Subject:
> Re: Suspecious JPEG Files
>
>
>
> On 1 Feb 2008 17:09:24 -0000, poddima@yahoo.com <poddima@yahoo.com> wrote:
> > Hello,
> >
> >
> > I recieved via e-mail two JPEG files, one of them was not opened
> properly (Default error message was displayed on the Windows Picture
> Viewer).
> >
> > The sender is known to me, and I suspect he was trying to attack my
> computer (I recieved also an infected executable file from him just a
> short time before, and I didn't opened it).
> >
> >
> > If anyone is interested in trying to analyse the files, I'd be mostly
> grateful. Please contact me and I will send you the files.
>
> Try submitting to www.virustotal.com - they will run 32 different AV
> engines against them.
>
> You can send them to me if you like - only gmail will screen them out
> if it detects a virus. Still, that would be an answer to your question
> :)
>
> (Have you verified that they are in fact JPEGs and not some other image
> format?)

-- 
Jamie Riden / jamesr@europe.com / jamie@honeynet.org.uk
UK Honeynet Project: http://www.ukhoneynet.org/
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------

• Next message: Tiago Rosado: "Re: Security/Pen-testing Courses?"
• Previous message: Juan B: "cracking sniffed hashs issue"
• In reply to: tclahr@br.ibm.com: "Re: Suspecious JPEG Files"
• Next in thread: Nikhil Wagholikar: "Re: Suspecious JPEG Files"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:24 EDT