funsec mailing list archives

RE: Cyber Crooks Hijack Activities of Large Web-Hosting Firm


From: "Hubbard, Dan" <dhubbard () websense com>
Date: Wed, 23 May 2007 12:46:48 -0700

I am pretty sure this happened quite some time ago and they are still working on clean-up. Minimum 8 months ago. They were all IFRAME Cash links.

________________________________

From: funsec-bounces () linuxbox org on behalf of Fergie
Sent: Wed 5/23/2007 12:10 PM
To: funsec () linuxbox org
Subject: [funsec] Cyber Crooks Hijack Activities of Large Web-Hosting Firm



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Brian Krebs:

[snip]

Organized crime groups have modified a significant share of the Web sites
operated by one of the Internet's largest Web hosting companies to launch
cyber attacks against visitors, Security Fix has learned.

Last month, Phoenix-based IPOWER Inc. was featured prominently in an
unflattering report by StopBadware.org, a joint effort by Google, Harvard
Law School's Berkman Center for Internet & Society and Oxford University's
Internet Institute. StopBadware has identified more than 90,000 sites that
attempt to install malicious software on visitors' computers via Internet
browser security holes or programming tricks. When a user tries to click on
one of these sites after they appear as Google search results, Google posts
a warning page stating that the site has been spotted trying to attack
previous visitors.

John Palfrey, a professor of Internet law at Harvard, said the report
showed that about 90 percent of the sites flagged as serving "badware"
appeared to be otherwise legitimate sites that had been hijacked by
criminals.

StopBadware found that about 10 percent of the sites in its database were
operated by IPOWER. Security Fix found that the problem at IPOWER may be
far worse than StopBadware indicated.

[snip]

More:
http://blog.washingtonpost.com/securityfix/2007/05/cyber_crooks_hijack_activities_1.html

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.1 (Build 1012)

wj8DBQFGVJGwq1pz9mNUZTMRArJKAJ483U4yogN8zFypBJyxkaVkL60W2gCeOFUf
RlLUSyvplDOgmND0+U9zUNE=
=ke7W
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

