Security Incidents mailing list archives

Re: Possible google hack


From: <rsavage () nandomedia com>
Date: Tue, 7 Jan 2003 17:28:37 -0500 (EST)

Your proxy was probably hacked, not google's.

-- 
Rory Savage, Senior Systems Administrator
Nando Media: www.nandomedia.com
email: rsavage () nandomedia com
aol im (PiasElihU)
919-836-5987 (Office)



On Tue, 7 Jan 2003, Johnson, April wrote:

I've run into something most unusual in my proxy cache from last night: This
was what appeared if I used my proxy to view www.google.com. It *could* be
that my proxy cache was hacked, or some kind of dns spoofing/corruption
occurred between here and there.  But has anyone else heard/seen this?

Ping for www.google.com resolves to 216.239.33.101 - from the proxy console.

The google site with a black background and the text

Touch by cassablanca


Gratz To

s2c botaks [M2C] Junkist DewaLangit SpaceGhostz Ghostz bagan Escuver
frozenghost Gir4ff3 AxAL

#IndoHackerLInk () DAL Net  #AntiHackerLink () DAL Net #RealCyber () DAL net


I've included the source as follows... It doesn't look all that clean.


-April Johnson (CISSP, MCSE, CCNP)
Network Operations - Security
Seattle Public Schools
apjohnson () seattleschools org
206.252.0353

"Give a kid a fish, and he eats for a day; teach a kid to fish, and he eats
for a lifetime."

-----------------------------------------------------------------------------





<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Touch By cassablanca</TITLE> <META
http-equiv=Content-Type content="text/html; charset=windows-1252">
<"CHECK_FOR_VIRUSES"_STYLE .F1 {
      FILTER: glow(Color=#FF8000,Strength=10); WIDTH: 250px; HEIGHT: 200px
} .F2 {
      FILTER: glow(Color=#00FF00,Strength=10); WIDTH: 250px; HEIGHT: 200px
} .F3 {
      FILTER: glow(Color=#0080FF,Strength=10); WIDTH: 250px; HEIGHT: 200px
} ></"CHECK_FOR_VIRUSES"_STYLE>

<"CHECK_FOR_VIRUSES"_SCRIPT language=JavaScript>
<!-- Original:  CodeLifter.com (support () codelifter com) -->
<!-- Web Site:  http://www.codelifter.com -->

<!-- This script and many more are available free online at -->
<!-- The JavaScript Source!! http://javascript.internet.com -->

<!-- Begin
var rate = 1000
// do not edit below this line
var i = 0;
var F = 'F1';
function doThing() {
if (document.getElementById&&document.all) {
ok = true;
i++;
if (i==1) F = 'F1';
if (i==2) F = 'F2';
if (i==3) F = 'F3';
YammaYamma.className = F;
if (i > 2) i = 0;
timer = setTimeout('doThing()', rate);
   }
}
//  End -->
</"CHECK_FOR_VIRUSES"_SCRIPT>
<META content="Microsoft FrontPage 5.0" name=GENERATOR></HEAD> <BODY
text="#ffffff" bgColor="#000000" "CHECK_FOR_VIRUSES"_onload="doThing()"><!-- STEP THREE: Copy this
code into the BODY of your HTML document  --> <CENTER> <TABLE cellSpacing=0
cellPadding=10 width=401 height="69">
  <TBODY>
  <TR>
    <TD width="401" height="69">
      <CENTER><FONT face="Monotype Corsiva" color=#ffffff>
      <P id=YammaYamma><B><font size="7">Touch by </font> </B></FONT><B>
      <font size="7" face="Monotype Corsiva"
color="#ffffff">cassablanca</font></B><FONT face=Courier color=#ffffff
size=10>
      </P></FONT></CENTER></TD></TR></TBODY></TABLE></CENTER>
<P align="center"><B><FONT face=Terminal color=#00ff00 size=5>Gratz
To</FONT></B></P> <P align="center"><FONT face="Comic Sans MS" color=#ff0000
size=4>s2c botaks
[M2C] Junkist DewaLangit SpaceGhostz Ghostz bagan Escuver frozenghost
Gir4ff3
AxAL</FONT></P>
<P align="center"><FONT face="Monotype Corsiva" color=#ff0000 size=5><FONT
color=#ffffff></a></a></FONT>
</font><FONT face="Monotype Corsiva"
size=5>#IndoHackerLInk () DAL Net</font></a></a> </FONT> </font> <font
face="Monotype Corsiva" size="5">&nbsp;#AntiHackerLink () DAL Net
#RealCyber () DAL net</A></font><font face="Monotype Corsiva" color="#ff0000"
size="5"></HTML><font face="Monotype Corsiva"
size="5"></a></font></font></P><!-- text below generated by server. PLEASE
REMOVE
--></"CHECK_FOR_VIRUSES"_object></"CHECK_FOR_VIRUSES"_layer></div></span></"CHECK_FOR_VIRUSES"_style></noscript></table></"CHECK_FOR_VIRUSES"_script></apple
t><"CHECK_FOR_VIRUSES"_script language="JavaScript"
src="http://us.i1.yimg.com/us.yimg.com/i/mc/mc.js";></"CHECK_FOR_VIRUSES"_script><"CHECK_FOR_VIRUSES"_script
language="JavaScript"
src="http://domainpending.com/js_source/geov2.js";></"CHECK_FOR_VIRUSES"_script><"CHECK_FOR_VIRUSES"_script
language="javascript">geovisit();</"CHECK_FOR_VIRUSES"_script><noscript><img
src="http://visit.webhosting.yahoo.com/visit.gif?us1040932987"; border=0
width=1 height=1></noscript> <IMG
SRC="http://geo.yahoo.com/serv?s=76001085&t=1040932987"; ALT=1 WIDTH=1
HEIGHT=1>


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com



