On Wed, 14 Feb 2007, Jeremy Epstein wrote:
There was also a really entertaining presentation from Patrick Petersen of
IronPort at RSA, in which he mentioned use of defaced web sites as proxy
forwarders for spammers. According to the presentation, the spammers have a
fairly sophisticated toolkit that takes over the site and turns it into a
pharmacy (or whatever) redirect site. A different goal from the Websense
presentation, but still a purpose other than simple defacement.
Indeed. I can post some screenshots of some of these tools if you are
interested in them.
Anon remailers, spam tools, etc. More and more spam is being sent using
web servers.
I am looking for someone to volunteer to create spam assasin rules based
on how these tools send mail.
You can find my writeup and link to article on this subject here:
http://blogs.securiteam.com/index.php/archives/815
Gadi.
--Jeremy
-----Original Message-----
From: Gadi Evron [mailto:ge@linuxbox.org]
Sent: Monday, February 12, 2007 11:17 AM
To: php-wars@whitestar.linuxbox.org
Cc: botnets@whitestar.linuxbox.org;
full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com
Subject: defacements for the installation of malcode
Websense just released a blog post on how sites get defaced
for malicious purposes other than the defacement itself, such
as installing mallicious software on visiting users.
This is yet another layer of abuse of web server attack platforms.
You can find their post here:
http://www.websense.com/securitylabs/blog/blog.php?BlogID=109
Gadi.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
