Bugtraq mailing list archives

RE: defacements for the installation of malcode

From: Jeremy Epstein <jepstein () webmethods com>
Date: Wed, 14 Feb 2007 18:51:00 -0500

There was also a really entertaining presentation from Patrick Petersen of
IronPort at RSA, in which he mentioned use of defaced web sites as proxy
forwarders for spammers.  According to the presentation, the spammers have a
fairly sophisticated toolkit that takes over the site and turns it into a
pharmacy (or whatever) redirect site.  A different goal from the Websense
presentation, but still a purpose other than simple defacement.

--Jeremy

-----Original Message-----
From: Gadi Evron [mailto:ge () linuxbox org] 
Sent: Monday, February 12, 2007 11:17 AM
To: php-wars () whitestar linuxbox org
Cc: botnets () whitestar linuxbox org; 
full-disclosure () lists grok org uk; bugtraq () securityfocus com
Subject: defacements for the installation of malcode

Websense just released a blog post on how sites get defaced 
for malicious purposes other than the defacement itself, such 
as installing mallicious software on visiting users.

This is yet another layer of abuse of web server attack platforms.

You can find their post here:
http://www.websense.com/securitylabs/blog/blog.php?BlogID=109

      Gadi.

Current thread:

defacements for the installation of malcode Gadi Evron (Feb 14)
- <Possible follow-ups>
- RE: defacements for the installation of malcode Jeremy Epstein (Feb 15)
  - RE: defacements for the installation of malcode Gadi Evron (Feb 15)