Open Source and information security mailing list archives
 
Date: Tue Apr  4 10:23:30 2006
From: j.grosjean at proxiad.com (Julien GROSJEAN - Proxiad)
Subject: Invisionzone.com board hacked...and Invision won't do a thing...

This page downloaded these files on my VMware station (XP SP2):

* wochevt0.wmf (Download.Trojan)
* count.jar-14a1bd95-63a.zip (Trojan.ByteVerify)

These files were downloaded without any action on my part and with 
Firefox 1.5.

Cheers.

GroundZero Security wrote:
> Some ISPs only do server "housing" and just give the customer full root rights over their
> Server and stop caring from that point on. I have had a few customers that have been hacked
> and when I reported it to their ISPs I often got replies like "It is the responsibility of the Customer
> to handle such situations [...] We just host the Server [...]".
> 
> Another time I had an infected Windows System from a customer and found some Spyware on it that was
> hosted on the Rackspace Network. When I reported it to Rackspace, after weeks I got a reply
> saying that I could download the deinstall script from the site as well.... That's all. When I mailed back
> to ask if they do not care about their reputation I did not get a reply anymore.
> 
> My opinion is that it's all about money. Here and then ISPs probably receive cash from the Spyware Vendors
> and so allow such Software to be hosted. Of course in public they act like they would want to prevent
> such activity.
> 
> -sk
> 
> GroundZero Security Research and Software Development
> http://www.groundzero-security.com
> 
> We object to the use or transfer of our data
> for advertising purposes or for market or opinion research (§ 28 para. 4 BDSG).
> 
> pub  1024D/69928CB8 2004-09-27 Stefan Klaas <sk@...undzero-security.com>
> sub  2048g/2A3C7800 2004-09-27
> 
> Key fingerprint = A93E 41F8 7E82 5F2C 3E76  41F1 4BCF 3096 6992 8CB8
> 
> This E-mail might contain confidential information. If you are not the right addressee
> or you have received this Mail in error, please inform the Sender as soon as possible
> and delete this E-Mail immediately. You are not allowed to make any copies or
> relay this E-Mail.
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 
