[Full-Disclosure] Name One Web Site Compromised by Download.Ject?

From: Edge, Ronald D (edge_at_indiana.edu)
Date: 06/30/04

  • Next message: Kurt Lieber: "[ GLSA 200406-22 ] Pavuk: Remote buffer overflow"
    To: <full-disclosure@lists.netsys.com>
    Date: Wed, 30 Jun 2004 08:39:32 -0500

    From the latest issue of:
    SANS NewsBites June 30, 2004 Vol. 6, Num.
    Legal liability question: Has anyone contacted an attorney yet about
    damage done by either of these two possibly negligent actions: (1) the
    Wittie worm when the security software vendor may have allowed many
    customers to have their systems disabled because selected users may not
    have gotten the patch for weeks after it was ready, or (2) Download.Ject
    damage done to consumers - through loss of identity data and banking
    passwords -- by infected web sites that apparently did not tell their
    clients that the site was infected? If you have gotten legal advice
    about these, please let us know by emailing info@sans.org with subject
    "legal liability."

    So here was my email to SANS:

    What I want to know is where the heck are the publicized identies of the
    supposedly many major web sites that were infecting their

    I have rarely seen such an obvious massive hush job and coverup. I have
    searched the news articles on Download.Ject and to date I have not found
    a SINGLE EXPOSED IDENTITY of a web site.

    I have pointed this out to a well known IT journalist I correspond with
    by email regularly, and he replied that he thinks it is definitely a
    story worth pursuing.

    I frankly am appalled that not a single site has been named, at least
    not to my knowlege, and I have TRIED to find one named in the news


    Ronald D. Edge
    Director of Information Systems
    Indiana University Intercollegiate Athletics
    edge@indiana.edu (812)855-9010

    Corporate IT's reaction to spyware has been surprising: it's been
    largely swept under the rug. The problem is that you can't hide an
    elephant by sweeping it under the rug. It leaves quite a bulge.

    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Kurt Lieber: "[ GLSA 200406-22 ] Pavuk: Remote buffer overflow"