Re: [Full-disclosure] defacements for the installation of malcode
- To: Gadi Evron <ge@xxxxxxxxxxxx>, php-wars@xxxxxxxxxxxxxxxxxxxxxx, botnets@xxxxxxxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] defacements for the installation of malcode
- From: phish_n_bots@xxxxxxxxxxxxxxxxx
- Date: Thu, 15 Feb 2007 17:34:42 -0500
I would be interested in you posting some screenshots.
Thanks
Aaron
On Wed, Feb 14, 2007 at 07:07:16PM -0600, Gadi Evron wrote:
> On Wed, 14 Feb 2007, Jeremy Epstein wrote:
> > There was also a really entertaining presentation from Patrick Petersen of
> > IronPort at RSA, in which he mentioned use of defaced web sites as proxy
> > forwarders for spammers. According to the presentation, the spammers have a
> > fairly sophisticated toolkit that takes over the site and turns it into a
> > pharmacy (or whatever) redirect site. A different goal from the Websense
> > presentation, but still a purpose other than simple defacement.
>
> Indeed. I can post some screenshots of some of these tools if you are
> interested in them.
>
> Anon remailers, spam tools, etc. More and more spam is being sent using
> web servers.
>
> I am looking for someone to volunteer to create SpamAssassin rules based
> on how these tools send mail.
>
> You can find my writeup and link to article on this subject here:
> http://blogs.securiteam.com/index.php/archives/815
>
> Gadi.
>
> >
> > --Jeremy
> >
> > > -----Original Message-----
> > > From: Gadi Evron [mailto:ge@xxxxxxxxxxxx]
> > > Sent: Monday, February 12, 2007 11:17 AM
> > > To: php-wars@xxxxxxxxxxxxxxxxxxxxxx
> > > Cc: botnets@xxxxxxxxxxxxxxxxxxxxxx;
> > > full-disclosure@xxxxxxxxxxxxxxxxx; bugtraq@xxxxxxxxxxxxxxxxx
> > > Subject: defacements for the installation of malcode
> > >
> > > Websense just released a blog post on how sites get defaced
> > > for malicious purposes other than the defacement itself, such
> > > as installing malicious software on visiting users.
> > >
> > > This is yet another layer of abuse of web server attack platforms.
> > >
> > > You can find their post here:
> > > http://www.websense.com/securitylabs/blog/blog.php?BlogID=109
> > >
> > > Gadi.
> > >
> >
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/