Re: More Webserver / IE Exploits

From: Benjamin Franz (snowhare_at_nihongo.org)
Date: 07/20/04

  • Next message: Vincent Jaussaud: "New Virus / Trojan ?"
    Date: Tue, 20 Jul 2004 10:15:45 -0700 (PDT)
    To: "Hubbard, Dan" <dhubbard@websense.com>
    
    

    On Mon, 19 Jul 2004, Hubbard, Dan wrote:

    > We have discovered more than 300 websites that include malicious code
    > that will attempt to run a program on your machine without end-user
    > intervention. Similar to the recent Scob attack, a dual-pronged approach
    > of exploiting vulnerable servers and clients is being used.
    >
    > There is no commonality on the web server side with the exception of 164
    > sites that are all hosted by the same hosting facility in Florida.
    >
    > Details on the hosting facility in Florida:
    >
    > The site that includes the exploit code is:
    >
    > http://www.karl-marx.ru/

    [...]

    I suspect this domain is a BlackHat server - period. We had a keylogger
    trojan ("Padonok" - it WAS NOT detected by any of our virus scanners,
    malware detectors et al) hit one of our desktops more than a month ago.
    It tried to deliver the stolen data to that server. That they are *still*
    in operation tells you that they are either unbelievably incompetent or
    actually owned in the financial sense by the bad guys.

    Here is what little I know about them:

    http://spamwatch.codefish.net.au/modules.php?op=modload&name=News&file=article&sid=93&mode=thread

    That dates all the way back to March...

    -- 
    Benjamin Franz
    Catapultam habeo. 
    Nisi pecuniam omnem mihi dabis ad caput tuum saxum immane mittam.
    (Translation: "I have a catapult. Give me all the money or I will fling 
     an enormous rock at your head.")
                                            Henry Beard
    
