[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] browser hijack by apache sites

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] browser hijack by apache sites
From: Feher Tamas <etomcat@xxxxxxxxxxx>
Date: Mon, 24 May 2004 14:46:46 +0200 (CEST)

Hello,

>http://www.b00gle.com/fa/?d=get

Starting from here, the usual combination of unpatched IE and plain 
user will quickly receive a nice set of malware automatically:
Small.gl, Istbar.dw, Java_Classloader, Java_OpenStream, etc.

The end station is probably Gator, CoolWeb, a spam proxy or 
something even nastier.

>http://www.pizdato.biz/acc1/exploit.exe

"This file works "normally", installs itself and creates a startup key in 
the Registry. It can download files from Internet. Could be classified as 
a new TrojanDownloader malware"

Sincerely: Tamas Feher.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] browser hijack by apache sites
  - From: Filbert
- Re: [Full-Disclosure] browser hijack by apache sites
  - From: Matthijs Dalhuijsen

Prev by Date: Re: [Full-Disclosure] irc over ssl
Next by Date: Re: [Full-Disclosure] irc over ssl
Previous by thread: Re:[Full-Disclosure] browser hijack by apache sites
Next by thread: Re: [Full-Disclosure] browser hijack by apache sites
Index(es):
- Date
- Thread