Re: [Quickfix-developers] quickfix-1.10.2.zip\TAGLINE.JPG Exploit-QtPICT (Trojan)
From: Oren M. <or...@qu...> - 2006-02-06 18:16:08
Exploit-QtPICT is apparently some sort of trojan that takes advantage of a buffer overflow in QuickTime:

http://vil.nai.com//vil/content/v_137972.htm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2340

My feeling is that this is a false alarm. The exploit was discovered last month, while tagline.jpg is over 3 1/2 years old. The potential for exploit has probably always been there, but I don't think the awareness of it (by good guys or bad guys) has. My guess is that there is something about the file that makes it suspicious as a potential abuser of the exploit. If the alarm is legitimate, it can only do anything if viewed through the QuickTime picture viewer. So don't do that. The file itself is not used anywhere so it can and should be deleted regardless.

There have been no reports of any virus infections from any of the QuickFIX release packages. That particular package has been available for over 6 months and has been downloaded over 3,000 times.

--oren

Subert Mladen wrote:

>QuickFIX Documentation: http://www.quickfixengine.org/quickfix/doc/html/index.html
>QuickFIX Support: http://www.quickfixengine.org/services.html
>
>Our virus scanner has reported the following. Is this a real problem?
>Thanks
>
>06.02.2006 05:01:49 No Action Taken EX\rpa xcopy.exe C:\develop\rpa_s_TNS_TSDP016\TnsCopy\TestTools\FIX Client Simulator\quickfix-1.10.2.zip\TAGLINE.JPG Exploit-QtPICT (Trojan)
>06.02.2006 05:01:49 Deleted (Clean failed because the file isn't cleanable) EX\rpa xcopy.exe C:\develop\rpa_s_TNS_TSDP016\TnsCopy\TestTools\FIX Client Simulator\quickfix-1.10.2.zip\TAGLINE.JPG Exploit-QtPICT (Trojan)
>06.02.2006 05:01:49 Delete failed (Clean failed because the file isn't cleanable) EX\rpa xcopy.exe C:\develop\rpa_s_TNS_TSDP016\TnsCopy\TestTools\FIX Client Simulator\quickfix-1.10.2.zip\QUICKFIX-1.10.2.ZIP Exploit-QtPICT (Trojan)
>06.02.2006 05:07:26 No Action Taken EX\rpa ct.exe C:\develop\rpa_s_TNS_TSDP016\tns\TestTools\FIX Client Simulator\quickfix-1.10.2.zip.loading\TAGLINE.JPG Exploit-QtPICT (Trojan)
>06.02.2006 05:07:26 Deleted (Clean failed because the file isn't cleanable) EX\rpa ct.exe C:\develop\rpa_s_TNS_TSDP016\tns\TestTools\FIX Client Simulator\quickfix-1.10.2.zip.loading\TAGLINE.JPG Exploit-QtPICT (Trojan)
>06.02.2006 05:07:26 Delete failed (Clean failed because the file isn't cleanable) EX\rpa ct.exe C:\develop\rpa_s_TNS_TSDP016\tns\TestTools\FIX Client Simulator\quickfix-1.10.2.zip.loading\QUICKFIX-1.10.2.ZIP.LOADING Exploit-QtPICT (Trojan)