Merly
Full Member
Rayl.A Worm Exploits MS04-028 JPEG Vulnerability to Spread via MSN Messenger: Rayl.A is a new worm that spreads primarily via MSN Messenger (MSNM) by exploiting the MS04-028 Microsoft Windows Buffer Overrun in JPEG Processing vulnerability (ID# 402446, Sept. 14, 2004). It remains unclear from the source if this worm is spreading in the wild yet or not. The hostile link associated with this attack appears to have been removed, which lowers the risk of attack via this specific variant of this family for the time being.
Rayl.A is 33,280 bytes. Rayl.A spreads via MSMN by sending a link to to other MSNM users pointing to a hostile image file. The links reportedly used in the original attack is at http://www.xf2s.com/msn/wode.jpg, which is no longer hosting hostile code at the time of this writing. When an unwary user opened this link prior to its unavailability, the hostile .jpg file attempted to exploit the MS04-028 JPG vulnerability to execute a copy of itself on the victim computer. Rayl.A may also attempt to perform other exploits, depending upon the coding within the graphics file.
Rayl.A may also attempt to download and install additional malicious codes or use additional exploit codes to infect a computer.
Aliases: Rayl.A, Rayl, Worm.MSN.Elon.a, AdClicker-BD
Just thought I'd let you know
Rayl.A is 33,280 bytes. Rayl.A spreads via MSMN by sending a link to to other MSNM users pointing to a hostile image file. The links reportedly used in the original attack is at http://www.xf2s.com/msn/wode.jpg, which is no longer hosting hostile code at the time of this writing. When an unwary user opened this link prior to its unavailability, the hostile .jpg file attempted to exploit the MS04-028 JPG vulnerability to execute a copy of itself on the victim computer. Rayl.A may also attempt to perform other exploits, depending upon the coding within the graphics file.
Rayl.A may also attempt to download and install additional malicious codes or use additional exploit codes to infect a computer.
Aliases: Rayl.A, Rayl, Worm.MSN.Elon.a, AdClicker-BD
Just thought I'd let you know