Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Ant-Sec - We are going to terminateHackforums.net and Milw0rm.com - New Apache 0-day exploit uncovered

From: Michael Holstein <michael.holstein () csuohio edu>
Date: Wed, 15 Jul 2009 15:11:21 -0400


That site has already been pwned by the DEA, so if you go there, 
expect to be logged and contacted.



I doubt that .. for several reasons.

1. The DEA likes to announce their successes, so there'd be a press 
release about it.
2. Junk like that is in places like 4chan, et.al. all the time .. just 
to make k1dd13s crap their pants.
3. Google of the hostname provides no links to actual drug sales at all 
.. just a bunch of IRC chat logs. If it actually had been used for that, 
it'd be in tons of spam links.
4. Hosting provider is Linode.com, a VPS colo.
5. The "real" DEA banner (http://www.usdoj.gov/dea/dea_banner.jpg) was 
edited with Photoshop to produce the one on that site : "wget -proxy=on 
-O - http://narc.oti.cz/dea_banner.jpg |strings |head -3"

JFIF
Ducky
Adobe

But as always .. click on links in email at your own risk. Use TOR+wget 
if you want to be careful.

Cheers,

Michael Holstein
Cleveland State University

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: