Bugtraq mailing list archives
RE: defacements for the installation of malcode
From: Gadi Evron <ge () linuxbox org>
Date: Wed, 14 Feb 2007 19:07:16 -0600 (CST)
On Wed, 14 Feb 2007, Jeremy Epstein wrote:
There was also a really entertaining presentation from Patrick Petersen of IronPort at RSA, in which he mentioned use of defaced web sites as proxy forwarders for spammers. According to the presentation, the spammers have a fairly sophisticated toolkit that takes over the site and turns it into a pharmacy (or whatever) redirect site. A different goal from the Websense presentation, but still a purpose other than simple defacement.
Indeed. I can post some screenshots of some of these tools if you are interested in them. Anon remailers, spam tools, etc. More and more spam is being sent using web servers. I am looking for someone to volunteer to create spam assasin rules based on how these tools send mail. You can find my writeup and link to article on this subject here: http://blogs.securiteam.com/index.php/archives/815 Gadi.
--Jeremy-----Original Message----- From: Gadi Evron [mailto:ge () linuxbox org] Sent: Monday, February 12, 2007 11:17 AM To: php-wars () whitestar linuxbox org Cc: botnets () whitestar linuxbox org; full-disclosure () lists grok org uk; bugtraq () securityfocus com Subject: defacements for the installation of malcode Websense just released a blog post on how sites get defaced for malicious purposes other than the defacement itself, such as installing mallicious software on visiting users. This is yet another layer of abuse of web server attack platforms. You can find their post here: http://www.websense.com/securitylabs/blog/blog.php?BlogID=109 Gadi.
Current thread:
- defacements for the installation of malcode Gadi Evron (Feb 14)
- <Possible follow-ups>
- RE: defacements for the installation of malcode Jeremy Epstein (Feb 15)
- RE: defacements for the installation of malcode Gadi Evron (Feb 15)