[37068] in bugtraq
Bug in hotmail
daemon@ATHENA.MIT.EDU (security)
Mon Oct 25 22:42:05 2004
Message-ID: <417C2543.9040909@kalamiteit.nl>
Date: Sun, 24 Oct 2004 21:57:23 +0000
From: security <security@kalamiteit.nl>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
hi all,
i am not a person that posts to bugtraq really, but more a person that
reads from it!
well the thing is, I was checking my hotmail account, as i saw an e-mail
from an old friend of mine, i saw an attachement, so i was already in
doubt (but i was using gentoo anyways .. so not realy affraid of
something like that ), but when i looked at the file i saw that it was a
zip file that had a .txt file in it .. at least .. so it seamed. after
downloading the file and extracting it , was look ing at the file name
which was :
tmp $ ls -l dump.
dump.txt
.scr
dump.zip
weird!!!!
$ ls -l dump.txt\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
\ \ \ \ \ \ \ \ \ \ \ \ \ \ .scr
-rw-r--r-- 1 crocco users 53248 Aug 13 1985
dump.txt .scr
Ah makes more sense!!
$ file dump.txt\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \
\ \ \ \ \ \ \ \ \ \ \ \ \ .scr
dump.txt .scr: MS-DOS executable (EXE), OS/2 or MS Windows
Funny, as i saw that i was 100% sure that it was a virus! although it
was labeled as NO VIRUS FOUND on the hotmail site( i was thinking that
it should be " no known viruses found")
it was confirmed by friends of mine after i asked them to scan it for
virusseson windows machines!
now, i can only come to 1 conclusion. the virus scanner of hotmail, does
not check filenames as long as our file in question here!
and because many people would simply believe that it is virusfree and
that it could again cause some new virusrage i thaught it was pretty
important and posted it in bugtraq!
cheers
