[<prev] [next>] [day] [month] [year] [list]
Message-ID: <BAY2-F2rkNCP8Q9pmtS00035785@hotmail.com>
From: csk_1975 at hotmail.com (Carlos Kramer)
Subject: Name One Web Site Compromised by Download.Ject?
If you use google/altavista et al to search for some of the more obvious
parts of the javascript a few come up, for example "function gc099":-
www.bifconference.com/bif2002/newsroom/Dunn_synop.rtf
www.biketas.org.au/BikeTas/ meetings/2001-10-02-minutes.txt
www.planetkc.com/sloth/sci/blklst.txt
englishrosesuites.com/style.css
www.nf.crimestoppers.ca/1992/92-93-11
www.afz.ch/Vereinigung/Accueil/
Association/Welcome/Examinations/rev.tabelleen.rtf
etc, etc, etc...
and although this one isn't infected its pretty funny to read:-
www.milonic.com/mfa/2004-June/004443.html
>From: "Edge, Ronald D" <edge@...iana.edu>
>To: <full-disclosure@...ts.netsys.com>
>Subject: [Full-Disclosure] Name One Web Site Compromised by Download.Ject?
>Date: Wed, 30 Jun 2004 08:39:32 -0500
>
>From the latest issue of:
>************************************************************************
>*
>SANS NewsBites June 30, 2004 Vol. 6, Num.
>26
>************************************************************************
>*
>Legal liability question: Has anyone contacted an attorney yet about
>damage done by either of these two possibly negligent actions: (1) the
>Wittie worm when the security software vendor may have allowed many
>customers to have their systems disabled because selected users may not
>have gotten the patch for weeks after it was ready, or (2) Download.Ject
>damage done to consumers - through loss of identity data and banking
>passwords -- by infected web sites that apparently did not tell their
>clients that the site was infected? If you have gotten legal advice
>about these, please let us know by emailing info@...s.org with subject
>"legal liability."
>================================
>
>So here was my email to SANS:
>
>What I want to know is where the heck are the publicized identies of the
>supposedly many major web sites that were infecting their
>customers/visitors??
>
>I have rarely seen such an obvious massive hush job and coverup. I have
>searched the news articles on Download.Ject and to date I have not found
>a SINGLE EXPOSED IDENTITY of a web site.
>
>I have pointed this out to a well known IT journalist I correspond with
>by email regularly, and he replied that he thinks it is definitely a
>story worth pursuing.
>
>I frankly am appalled that not a single site has been named, at least
>not to my knowlege, and I have TRIED to find one named in the news
>online.
>
>Ron.
>
>Ronald D. Edge
>Director of Information Systems
>Indiana University Intercollegiate Athletics
>edge@...iana.edu (812)855-9010
>http://iuhoosiers.com
>
>Corporate IT's reaction to spyware has been surprising: it's been
>largely swept under the rug. The problem is that you can't hide an
>elephant by sweeping it under the rug. It leaves quite a bulge.
>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
_________________________________________________________________
MSN Movies - Trailers, showtimes, DVD's, and the latest news from Hollywood!
http://movies.msn.click-url.com/go/onm00200509ave/direct/01/
Powered by blists - more mailing lists