Full Disclosure mailing list archives
Re: SV: New malware to infect IIS and from there jump to clients
From: Nasir Ghaznavi <nasirghaznavi () gmail com>
Date: Sat, 26 Jun 2004 05:04:49 +0500
As of now the server, which was a russian server has been taken down. Nasir Ghaznavi On Fri, 25 Jun 2004 10:36:08 +0100, Duncan Hill <dhill+fulldisc () cricalix net> wrote:
On Friday 25 June 2004 07:05, Peter Kruse might have typed:When the javascript runs it will try to redirect you to a remote server http://217.107.218.147. This is where the MSITS.EXE and the javascripts are stored. As far as I know they do not reside on the compromised IIS servers, but simply pulls of the the payload from the remote host. Meanwhile the host is no longer available.I've noticed that several ISPs appear to have null-routed that IP. I can't get past our ISP's upstream right now - trace just dies. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Evidence of a ISC being hacked? VX Dude (Jun 24)
- Re: Evidence of a ISC being hacked? Valdis . Kletnieks (Jun 24)
- Re: Evidence of a ISC being hacked? VX Dude (Jun 24)
- Re: Evidence of a ISC being hacked? Valdis . Kletnieks (Jun 24)
- Re: [FD] Evidence of a ISC being hacked? Thomas Binder (Jun 24)
- Re: Evidence of a ISC being hacked? Eric Paynter (Jun 24)
- New malware to infect IIS and from there jump to clients Peter Kruse (Jun 24)
- Re: New malware to infect IIS and from there jump to clients Nick FitzGerald (Jun 24)
- SV: New malware to infect IIS and from there jump to clients Peter Kruse (Jun 24)
- Re: SV: New malware to infect IIS and from there jump to clients Duncan Hill (Jun 25)
- Re: SV: New malware to infect IIS and from there jump to clients Nasir Ghaznavi (Jun 25)
- Re: Evidence of a ISC being hacked? VX Dude (Jun 24)
- Re: Evidence of a ISC being hacked? Valdis . Kletnieks (Jun 24)
- Re: New malware to infect IIS and from there jump to clients Gary Flynn (Jun 25)
- RE: New malware to infect IIS and from there jump to clients joe (Jun 25)
- Re: New malware to infect IIS and from there jump to clients insecure (Jun 25)
- Re: New malware to infect IIS and from there jump to clients Matt Power (Jun 27)
- Re: Evidence of a ISC being hacked? VX Dude (Jun 24)
- Re: Evidence of a ISC being hacked? Valdis . Kletnieks (Jun 25)
- IE exploit runs code from graphics? Larry Seltzer (Jun 24)
- RE: IE exploit runs code from graphics? Heather M. Guse Bryan (Jun 24)
- Re: IE exploit runs code from graphics? Nick FitzGerald (Jun 24)