Full Disclosure mailing list archives
Re: New Santy-Worm attacks *all* PHP-skripts
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Thu, 6 Jan 2005 01:23:01 -0800
The relevant code: --------- $procura = 'inurl:*.php?*=' . $numr; for($n=0;$n<900;$n += 10){ $sock = IO::Socket::INET->new(PeerAddr => "www.google.com.br", PeerPort => 80, Proto => "tcp") or next; print $sock "GET /search?q=$procura&start=$n HTTP/1.0\n\n";
nothing new here... unless... we try the L337 G00GLE HAX0R S34RCH STR!NGZ http://www.google.com/search?q=inurl:*.php%3F*%3D&hl=en&lr=&newwindow=1&start=90&sa=N BUT !!! LIES !!! LIES I SAY !!!! GOOGLE IS TELLING ME I AM INFECTED ( lmfao ) ------------------- / SNIP /------------------ "and it appears that your computer or network has been infected" -------------------/ SNIP /------------------ WRONG ANSWER WRONG EXPLAINATION WRONG JUST WRONG We're sorry... .. but we can't process your request right now. A computer virus or spyware application is sending us automated requests, and it appears that your computer or network has been infected. We'll restore your access as quickly as possible, so try again soon. In the meantime, you might want to run a virus checker or spyware remover to make sure that your computer is free of viruses and other spurious software. We apologize for the inconvenience, and hope we'll see you again on Google. bleh, now i need to find a new best friend... GOOGLE LIED :( m.w _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Re: New Santy-Worm attacks *all* PHP-skripts Raistlin (Jan 06)
- <Possible follow-ups>
- Re: New Santy-Worm attacks *all* PHP-skripts morning_wood (Jan 06)