Open Source and information security mailing list archives
 
Message-ID: <Pine.LNX.4.44.0407201003460.10074-100000@high-mountain.nihongo.org>
Date: Tue, 20 Jul 2004 10:15:45 -0700 (PDT)
From: Benjamin Franz <snowhare@...ongo.org>
To: "Hubbard, Dan" <dhubbard@...sense.com>
Cc: NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM, <bugtraq@...urityfocus.com>,
	<incidents@...urityfocus.com>
Subject: Re: More Webserver / IE Exploits


On Mon, 19 Jul 2004, Hubbard, Dan wrote:

> We have discovered more than 300 websites that include malicious code
> that will attempt to run a program on your machine without end-user
> intervention. Similar to the recent Scob attack, a dual-pronged approach
> of exploiting vulnerable servers and clients is being used. 
> 
> There is no commonality on the web server side with the exception of 164
> sites that are all hosted by the same hosting facility in Florida.
> 
> Details on the hosting facility in Florida:
> 
> The site that includes the exploit code is:
> 
> http://www.karl-marx.ru/

[...]

I suspect this domain is a BlackHat server - period. We had a keylogger
trojan ("Padonok" - it WAS NOT detected by any of our virus scanners,
malware detectors et al) hit one of our desktops more than a month ago.  
It tried to deliver the stolen data to that server. That they are *still*
in operation tells you that they are either unbelievably incompetent or
actually owned in the financial sense by the bad guys.

Here is what little I know about them:

http://spamwatch.codefish.net.au/modules.php?op=modload&name=News&file=article&sid=93&mode=thread

That dates all the way back to March...

-- 
Benjamin Franz

Catapultam habeo. 

Nisi pecuniam omnem mihi dabis ad caput tuum saxum immane mittam.

(Translation: "I have a catapult. Give me all the money or I will fling 
 an enormous rock at your head.")
                                        Henry Beard


