Comments on: P0wned by a QT movie

By: kevstelo

kevstelo — Mon, 11 Jun 2007 07:30:09 +0000

I think I’ve read something simillar a few days ago. I don’t remember where, might have been on digg.com or slashdot.

By: HelloWorld

HelloWorld — Sat, 28 Apr 2007 11:48:10 +0000

Peace people

We love you

By: me 4you

me 4you — Wed, 25 Apr 2007 21:23:45 +0000

their own personal space at last

Yeah!. Congratulations for the blog
Your post is very interesting .In your blog are a lot of good post..
I’ll bookmark you.
A462fc6cb9bbeb

By: Didier Stevens

Didier Stevens — Sun, 01 Apr 2007 18:49:34 +0000

Yes, a lot of malware programs can disable security software, like AV. However, most of them can only do this when you run as local admin.

By: Elizabeth m Maloney

Elizabeth m Maloney — Wed, 28 Mar 2007 01:57:34 +0000

I am protected by McAfe…but have this trojan I suspect…is it possible that somehow this malware or whatever can disable my virus protection? There have been a few occasions when I have found my protection disabled, yet I hadn’t disabled it.

Elizabeth

By: :: Binary Paradox :: » Blog Archive » A Eulogy for Flatfiles

:: Binary Paradox :: » Blog Archive » A Eulogy for Flatfiles — Mon, 19 Mar 2007 18:02:16 +0000

[...] to execute scriptable content in the context of the current website. Didier Stevens has a nice write up of the particular exploit. Though it appears patched with the latest version of Quicktime it [...]

By: Russ McRee

Russ McRee — Mon, 19 Mar 2007 17:57:51 +0000

Posted a Snort sig to BleedingThreats.net.

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:”BLEEDING-EDGE CURRENT EVENTS SpaceTalk-QT-js”; flow:to_server,established; uricontent:”/logs4/sqltrack.js”; nocase; classtype:trojan-activity; reference:url,didierstevens.wordpress.com/2007/03/12/p0wned-by-a-qt-movie/; sid:2003507; rev:1;)

By: Chris Mosby at myITforum.com : McAfee Avert Labs Blog - MySpace Woes: Trojan Targets French Rock Band Fans - Friday March 16, 2007

Mon, 19 Mar 2007 16:14:13 +0000

[...] detailed analysis of this interesting infection vector can be viewed at Didier Stevens’s blog. A silver lining in the whole murky episode is that McAfee customers are proactively protected from [...]

By: Didier Stevens

Didier Stevens — Mon, 19 Mar 2007 11:36:30 +0000

@Anonymous

ADODB.Stream for example, http://www.f-secure.com/v-descs/adodb_stream.shtml

By: Update: P0wned by a QT movie « Didier Stevens

Update: P0wned by a QT movie « Didier Stevens — Sun, 18 Mar 2007 19:14:45 +0000

[...] version (7.1.5) without support for JavaScript. This happened about a week before I posted “P0wned by a QT movie”. I had analyzed the infection and written (but not published) my post before Apple published the [...]