[nsp-sec] probably compromised web sites
Matthew McGlashan
matthew at auscert.org.au
Thu Mar 27 23:19:24 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
G'day Tom,
> attached a list of probably compromised web sites.
Sorry for the delay Tom.
Ack for 24238 24330 24446. hxxp://www.dreamoftrees.com/ seems still
compromised so we'll contact the site.
Best,
- -- Matthew McGlashan --
Coordination Centre Team Leader | Hotline: +61 7 3365 4417
Australian Computer Emergency Response Team | Direct: +61 7 3365 7924
(AusCERT) | Fax: +61 7 3365 7031
The University of Queensland | WWW: www.auscert.org.au
Qld 4072 Australia | Email: auscert at auscert.org.au
> This list is based on referer stats of a Neosploit
> server - which is used to spread Torpig/Anserin/Hupigon/Sinowal/...
> which btw. uses a new MBR rootkit which is currently not detected
> by GMER or Symantec Mebroot tool :-(
>
> The compromised sites usually contains obfuscated javascript which leads
> to hhipthr.com/cgi-bin/mail.cgi (208.101.34.10 (Softlayer))
<snip>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (FreeBSD)
Comment: http://www.auscert.org.au/render.html?it=1967
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBR+xjuyh9+71yA2DNAQJ7pgP/VjYwYYh62o35mgnebvNBbIR9OS7gs3as
rPGSlKzaUo80udBVhzaJ+6qoSPX/WPQmUhOtKADNSedZoEjHSl9EDECH2QPB6tUq
Ki+2mKERCXdMClUSpVcziUkO5ae+Xn7BOmXpZnsyrU88Xz3rNARx9FNZqOcqDeCc
en8iGgLfIJA=
=j2No
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list