Full Disclosure mailing list archives
Re: browser hijack by apache sites
From: Filbert <filbert () pandora be>
Date: Mon, 24 May 2004 16:36:14 +0200
On Monday May 24 2004 14:46, Feher Tamas wrote:
Hello,http://www.b00gle.com/fa/?d=getStarting from here, the usual combination of unpatched IE and plain user will quickly receive a nice set of malware automatically: Small.gl, Istbar.dw, Java_Classloader, Java_OpenStream, etc. The end station is probably Gator, CoolWeb, a spam proxy or something even nastier.http://www.pizdato.biz/acc1/exploit.exe"This file works "normally", installs itself and creates a startup key in the Registry. It can download files from Internet. Could be classified as a new TrojanDownloader malware" Sincerely: Tamas Feher.
I agree, but my concern is how does it infect apache webservers by adding this peace of malware at the bottom of a web page? -- echo "+++ATH0filb@+++ATH0filb () linuxmail org" | sed 's/+++ATH0//g' _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- browser hijack by apache sites Filbert (May 23)
- <Possible follow-ups>
- Re: browser hijack by apache sites D B (May 23)
- Re:browser hijack by apache sites Ian Latter (May 23)
- browser hijack by apache sites Feher Tamas (May 24)
- Re: browser hijack by apache sites Filbert (May 24)
- Re: browser hijack by apache sites Matthijs Dalhuijsen (May 25)