lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20070215223442.GA2158@localhost>
Date: Thu, 15 Feb 2007 17:34:42 -0500
From: phish_n_bots@...ty.ece.cmu.edu
To: Gadi Evron <ge@...uxbox.org>, php-wars@...testar.linuxbox.org,
	botnets@...testar.linuxbox.org, full-disclosure@...ts.grok.org.uk
Subject: Re: defacements for the installation of malcode

I would be interested in you posting some screenshots.

Thanks

Aaron

On Wed, Feb 14, 2007 at 07:07:16PM -0600, Gadi Evron wrote:
> On Wed, 14 Feb 2007, Jeremy Epstein wrote:
> > There was also a really entertaining presentation from Patrick Petersen of
> > IronPort at RSA, in which he mentioned use of defaced web sites as proxy
> > forwarders for spammers.  According to the presentation, the spammers have a
> > fairly sophisticated toolkit that takes over the site and turns it into a
> > pharmacy (or whatever) redirect site.  A different goal from the Websense
> > presentation, but still a purpose other than simple defacement.
> 
> Indeed. I can post some screenshots of some of these tools if you are
> interested in them.
> 
> Anon remailers, spam tools, etc. More and more spam is being sent using
> web servers.
> 
> I am looking for someone to volunteer to create spam assasin rules based
> on how these tools send mail.
> 
> You can find my writeup and link to article on this subject here:
> http://blogs.securiteam.com/index.php/archives/815
> 
> 	Gadi.
> 
> > 
> > --Jeremy
> > 
> > > -----Original Message-----
> > > From: Gadi Evron [mailto:ge@...uxbox.org] 
> > > Sent: Monday, February 12, 2007 11:17 AM
> > > To: php-wars@...testar.linuxbox.org
> > > Cc: botnets@...testar.linuxbox.org; 
> > > full-disclosure@...ts.grok.org.uk; bugtraq@...urityfocus.com
> > > Subject: defacements for the installation of malcode
> > > 
> > > Websense just released a blog post on how sites get defaced 
> > > for malicious purposes other than the defacement itself, such 
> > > as installing mallicious software on visiting users.
> > > 
> > > This is yet another layer of abuse of web server attack platforms.
> > > 
> > > You can find their post here:
> > > http://www.websense.com/securitylabs/blog/blog.php?BlogID=109
> > > 
> > > 	Gadi.
> > > 
> > 
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ