Threat HTTP TIF Folder

[artysan]

I uploaded a picture to a forum and the recipients replied that a virus was
embedded in it .I have carried out full scans of my computer with three
different systems .Also I have tried sending the picure to myself and then
scanning it and still cannot reproduce the complaints
They have not informed me of the virus/trojan name but sent the following

HTTP TIF Folder Info. Disclosure
Severity: Medium
This attack could pose a moderate security threat. It does not require
immediate action.

Description
This signature detects attempts to exploit an information disclosure
vulnerability exists in Internet Explorer in the way that drag and drop
operations are handled in certain situations.

Additional Information
An information disclosure vulnerability exists in Internet Explorer in the
way that drag and drop operations are handled in certain situations. An
attacker could exploit the vulnerability by constructing a specially crafted
Web page that could allow for information disclosure if a user viewed and
interacted with the Web page. An attacker who successfully exploited this
vulnerability would be able to retrieve files from the Temporary Information
Files (TIF) folder on a user?s system.

Affected:
Windows.

Response
Download and install the Microsoft patch applicable to this vulnerability.

Patch KB 92545 was installed months ago
Thank you artysan

 

[VanguardLH]

I uploaded a picture to a forum and the recipients replied that a
virus was
embedded in it ...

Submit the file to VirusTotal (http://www.virustotal.com/).

 

[David H. Lipman]

From: "artysan" <[email protected]>

| I uploaded a picture to a forum and the recipients replied that a virus was
| embedded in it .I have carried out full scans of my computer with three
| different systems .Also I have tried sending the picure to myself and then
| scanning it and still cannot reproduce the complaints
| They have not informed me of the virus/trojan name but sent the following
|

< snip >

| Thank you artysan

The Tibs Trojan has used steganographic techiques. However a peer utility is needed to
extract the executable Trojan from the JPEG.

Graphics in themselves can NOT be viruses.

Sending the graphic back to yourself is NOT a good test.

Please submit a sample of this suspect graphic to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:[email protected]?subject=SCAN

When you get the report, please post back the exact results.

 

[artysan]

E-mail with file sent to address as shown ,email returned quote"DNS Hard
error lookin up", address.
Went to website and sent file from there. Report showed nothing no virus's
or Trojans discovered Result 0/32 from scan. Regards and thanks for your
input,artysan.

 

[artysan]

attached file to email and sent to address you advised .Email returned "Bad
destination host DNS Hard error......
Went to website address and put file on there .Results was 0/32 scans.
Thanks for your input ,artysan

 

[David H. Lipman]

From: "artysan" <[email protected]>

| attached file to email and sent to address you advised .Email returned "Bad
| destination host DNS Hard error......
| Went to website address and put file on there .Results was 0/32 scans.
| Thanks for your input ,artysan

There 'ya go.