[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] browser hijack by apache sites

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] browser hijack by apache sites
From: Filbert <filbert@xxxxxxxxxx>
Date: Mon, 24 May 2004 16:36:14 +0200

On Monday May 24 2004 14:46, Feher Tamas wrote:
> Hello,
>
> >http://www.b00gle.com/fa/?d=get
>
> Starting from here, the usual combination of unpatched IE and plain
> user will quickly receive a nice set of malware automatically:
> Small.gl, Istbar.dw, Java_Classloader, Java_OpenStream, etc.
>
> The end station is probably Gator, CoolWeb, a spam proxy or
> something even nastier.
>
> >http://www.pizdato.biz/acc1/exploit.exe
>
> "This file works "normally", installs itself and creates a startup key in
> the Registry. It can download files from Internet. Could be classified as
> a new TrojanDownloader malware"
>
> Sincerely: Tamas Feher.
>

I agree, but my concern is how does it infect apache webservers by adding this 
peace of malware at the bottom of a web page?


-- 
echo "+++ATH0filb@+++ATH0filb@linuxmail.org" | sed 's/+++ATH0//g'

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] browser hijack by apache sites
  - From: Feher Tamas

Prev by Date: Re: [Full-Disclosure] irc over ssl
Next by Date: [Full-Disclosure] Bobax and Kibuv
Previous by thread: [Full-Disclosure] browser hijack by apache sites
Next by thread: Re: [Full-Disclosure] browser hijack by apache sites
Index(es):
- Date
- Thread