On Wed, 14 Feb 2007, Jeremy Epstein wrote:
> There was also a really entertaining presentation from Patrick Petersen of
> IronPort at RSA, in which he mentioned use of defaced web sites as proxy
> forwarders for spammers. According to the presentation, the spammers have a
> fairly sophisticated toolkit that takes over the site and turns it into a
> pharmacy (or whatever) redirect site. A different goal from the Websense
> presentation, but still a purpose other than simple defacement.
Indeed. I can post some screenshots of some of these tools if you are
interested in them.
Anon remailers, spam tools, etc. More and more spam is being sent using
web servers.
I am looking for someone to volunteer to create spam assasin rules based
on how these tools send mail.
You can find my writeup and link to article on this subject here:
http://blogs.securiteam.com/index.php/archives/815
Gadi.
>
> --Jeremy
>
> > -----Original Message-----
> > From: Gadi Evron [mailto:ge (at) linuxbox (dot) org [email concealed]]
> > Sent: Monday, February 12, 2007 11:17 AM
> > To: php-wars (at) whitestar.linuxbox (dot) org [email concealed]
> > Cc: botnets (at) whitestar.linuxbox (dot) org [email concealed];
> > full-disclosure (at) lists.grok.org (dot) uk [email concealed]; bugtraq (at) securityfocus (dot) com [email concealed]
> > Subject: defacements for the installation of malcode
> >
> > Websense just released a blog post on how sites get defaced
> > for malicious purposes other than the defacement itself, such
> > as installing mallicious software on visiting users.
> >
> > This is yet another layer of abuse of web server attack platforms.
> >
> > You can find their post here:
> > http://www.websense.com/securitylabs/blog/blog.php?BlogID=109
> >
> > Gadi.
> >
>
> There was also a really entertaining presentation from Patrick Petersen of
> IronPort at RSA, in which he mentioned use of defaced web sites as proxy
> forwarders for spammers. According to the presentation, the spammers have a
> fairly sophisticated toolkit that takes over the site and turns it into a
> pharmacy (or whatever) redirect site. A different goal from the Websense
> presentation, but still a purpose other than simple defacement.
Indeed. I can post some screenshots of some of these tools if you are
interested in them.
Anon remailers, spam tools, etc. More and more spam is being sent using
web servers.
I am looking for someone to volunteer to create spam assasin rules based
on how these tools send mail.
You can find my writeup and link to article on this subject here:
http://blogs.securiteam.com/index.php/archives/815
Gadi.
>
> --Jeremy
>
> > -----Original Message-----
> > From: Gadi Evron [mailto:ge (at) linuxbox (dot) org [email concealed]]
> > Sent: Monday, February 12, 2007 11:17 AM
> > To: php-wars (at) whitestar.linuxbox (dot) org [email concealed]
> > Cc: botnets (at) whitestar.linuxbox (dot) org [email concealed];
> > full-disclosure (at) lists.grok.org (dot) uk [email concealed]; bugtraq (at) securityfocus (dot) com [email concealed]
> > Subject: defacements for the installation of malcode
> >
> > Websense just released a blog post on how sites get defaced
> > for malicious purposes other than the defacement itself, such
> > as installing mallicious software on visiting users.
> >
> > This is yet another layer of abuse of web server attack platforms.
> >
> > You can find their post here:
> > http://www.websense.com/securitylabs/blog/blog.php?BlogID=109
> >
> > Gadi.
> >
>
[ reply ]