Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

BS Generator Worm/defacements??

From: "Oliver Petruzel" <oliverpetruzel () email com>
Date: Tue, 05 Feb 2002 01:09:13 +0800
Encountered on 2/4/02 - early AM.

ok, as a follow up to the message i sent earlier, I have come across several hundred victims (via google) now who have 
been infected/defaced by...something...?

victims symptoms:
1) Victim web page texts are replaced by a repeating paragraph as follows:

"through a top-down, proactive approach we can remain customer focused and goal-directed, innovate and be an inside-out 
organization which facilitates sticky web-readiness transforming turnkey eyeballs to brand 24/365 paradigms with 
benchmark turnkey channels implementing viral e-services and dot-com action-items while we take that action item 
off-line and raise a red flag and remember touch base as you think about the red tape outside of the box and seize 

B2B e-tailers and re-envisioneer innovative partnerships that evolve dot-com initiatives delivering synergistic 
earballs to incentivize B2B2C deliverables that leverage magnetic solutions to synergize clicks-and-mortar earballs 
while facilitating one-to-one action-items with revolutionary relationships that deliver viral markets and grow 
e-business supply-chains that expedite seamless relationships and transform back-end relationships with"

All the html of links in victim page are replaced with this text.  An example victim is here:
http://www.business.clientreadyweb.com/

2) The attacks do not appear to be OS, Webserver, or Geographicly dependent.

3) The paragraph was generated with what is known as the "Web economy bullshit generator" that is located in several 
places, such as:
http://www.dack.com/web/bullshit.html

---

now if this is old news of an old worm/defacement method, i cant find any info on it... so if not, then what the heck 
is it?

./oliver petruzel
Sr. network security engineer
near DC...
-- 

_______________________________________________
Win a ski trip!
http://www.nowcode.com/register.asp?affiliate=1net2phone3a



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: