Full Disclosure mailing list archives
Re: Possible First Crypto Virus Definitely Discovered!
From: "Billy B. Bilano" <mr.bill.bilano () email server unix bill bilano biz>
Date: Tue, 8 Jun 2004 14:26:42 -0500
Kenneth,

These are insidious hackers! I did what you said and I am getting an exact duplicate of our web site! They have probably infiltrated the system and are using this to capture our customers' login information and passing it back to them encrypted! I can't believe this!

I've already called a local consulting firm and they will be doing an eval this Thursday of our security measures that we've taken. Then, I am going to call the webmaster I just fired over this back in and have him sit in front of their report and see if he has anything to say for himself. Hah!

Also, right before I wrote this message I blocked port 443 in and out on our firewall at the bank! I will be going over these servers very carefully tonight to look for anything wacky or goofy.

--------
Mr. Billy B. Bilano, MSCE, CCNA
<http://www.bilano.biz/>
Expert Sysadmin Since 2003!
'C:\WINDOWS, C:\WINDOWS\GO, C:\PC\CRAWL' -- RMS

----- Original Message -----
From: "Ng, Kenneth (US)" <kenng () kpmg com>
To: "'Billy B. Bilano'" <mr.bill.bilano () email server unix bill bilano biz>; <full-disclosure () lists netsys com>
Sent: Tuesday, June 08, 2004 1:51 PM
Subject: RE: [Full-disclosure] Possible First Crypto Virus Definitely Discovered!
Question is, are you supposed to have an SSL server on that box? If so, that's what it is. If not, then you definitely have a problem. Try connecting to that box with the URL you normally use, just use "https" instead of "http". If you get the "normal" page, then someone turned on https without realizing it. If you get something different, then you investigate.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Possible First Crypto Virus Definitely Disc overed! Meeusen, Charles D (Jun 08)
- RE: Possible First Crypto Virus Definitely Discovered! Rodrigo Gutierrez (Jun 08)
- <Possible follow-ups>
- RE: Possible First Crypto Virus Definitely Disc overed! Ng, Kenneth (US) (Jun 08)
- Re: Possible First Crypto Virus Definitely Discovered! Billy B. Bilano (Jun 08)
- Re: Possible First Crypto Virus Definitely Discovered! Simon Richter (Jun 09)
- Re: Possible First Crypto Virus Definitely Discovered! kernel (Jun 09)
- Re: Possible First Crypto Virus Definitely Discovered! Tom Russell (Jun 09)
- Re: Possible First Crypto Virus Definitely Discovered! Billy B. Bilano (Jun 08)
- Second crypto virus discovered in the wild!!!!! VB (Jun 08)
- Re: Possible First Crypto Virus Definitely Disc overed! Nico Golde (Jun 08)
- Re: Possible First Crypto Virus Definitely Discovered! Micah McNelly (Jun 08)
- Re: Possible First Crypto Virus Definitely Discovered! Gregh (Jun 08)
- Re: Possible First Crypto Virus Definitely Discovered! Jerry Heidtke (Jun 08)
- Re: Possible First Crypto Virus Definitely Discovered! Denis Solaro (Jun 09)