Full Disclosure mailing list archives
Re: defacements for the installation of malcode
From: phish_n_bots () dusty ece cmu edu
Date: Thu, 15 Feb 2007 17:34:42 -0500
I would be interested in you posting some screenshots. Thanks Aaron On Wed, Feb 14, 2007 at 07:07:16PM -0600, Gadi Evron wrote:
On Wed, 14 Feb 2007, Jeremy Epstein wrote:There was also a really entertaining presentation from Patrick Petersen of IronPort at RSA, in which he mentioned use of defaced web sites as proxy forwarders for spammers. According to the presentation, the spammers have a fairly sophisticated toolkit that takes over the site and turns it into a pharmacy (or whatever) redirect site. A different goal from the Websense presentation, but still a purpose other than simple defacement.Indeed. I can post some screenshots of some of these tools if you are interested in them. Anon remailers, spam tools, etc. More and more spam is being sent using web servers. I am looking for someone to volunteer to create spam assasin rules based on how these tools send mail. You can find my writeup and link to article on this subject here: http://blogs.securiteam.com/index.php/archives/815 Gadi.--Jeremy-----Original Message----- From: Gadi Evron [mailto:ge () linuxbox org] Sent: Monday, February 12, 2007 11:17 AM To: php-wars () whitestar linuxbox org Cc: botnets () whitestar linuxbox org; full-disclosure () lists grok org uk; bugtraq () securityfocus com Subject: defacements for the installation of malcode Websense just released a blog post on how sites get defaced for malicious purposes other than the defacement itself, such as installing mallicious software on visiting users. This is yet another layer of abuse of web server attack platforms. You can find their post here: http://www.websense.com/securitylabs/blog/blog.php?BlogID=109 Gadi.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- defacements for the installation of malcode Gadi Evron (Feb 12)
- <Possible follow-ups>
- Re: defacements for the installation of malcode Jeremy Epstein (Feb 15)
- Re: defacements for the installation of malcode Gadi Evron (Feb 15)
- Re: defacements for the installation of malcode phish_n_bots (Feb 16)
- Re: defacements for the installation of malcode Gadi Evron (Feb 15)
- Re: defacements for the installation of malcode Vympel (Feb 17)