MS04-028: Trojan.Ducky A/B exploits GDI+ vulnerabilities

Community

Email Notifications

Personal Links

Harry Waldron - IT Security

Security Developments, Software Updates and Best Practices

http://www.symantec.com/avcenter/venc/data/trojan.ducky.html
http://www.symantec.com/avcenter/venc/data/trojan.ducky.b.html

Trojan.Ducky is a downloader Trojan that exploits the Microsoft GDI+ Library JPEG Segment Length Integer Underflow vulnerability (as described in the Microsoft Security Bulletin MS04-028).

Posted: Sep 30 2004, 03:11 PM by Harry Waldron | with 1 comment(s)

Comments

Seems to be that the AV industry is already a week late with this. We got mails with Jpeg attachments containg string Ducky as editor already a week ago mailed as "Feedback" to our website.

Just we were unsure, what's the malicious code in it and didn't want to try it out.

# October 1, 2004 9:19 AM

Questions? Contact Susan at Susan-at-msmvps.com. Each post's copyright held by the original author. All rights reserved. Blog site is an independent site not sponsored by Microsoft.
Our servers would like to thank www.ownwebnow.com and www.exchangedefender.com. We wouldn't be here without the generosity of Vlad Mazek and his companies.

Powered by Community Server (Commercial Edition), by Telligent Systems

Theme based on the Paperclip Blog Theme included in Community Server.
Enhanced to a Site-Wide Theme by Interscape Technologies.

Recent Posts