[Dshield] Amazon phish site.

Johannes B. Ullrich jullrich at sans.org
Mon Apr 24 11:39:35 GMT 2006





A phish is typically set up using a well-known web server vulnerability.
At this point, many of them are set up by more or less "bottom feeders"
as far as the overall hacking scene goes. Only a few of them are a bit
more sophisticated. So you are likely looking at people who brute force
passwords (e.g. a lot of the SSH / FTP server password scans you may
see) or they use well-known problems with phpbb/mambo and other software
like that. While the tools are automated and may fall into the "worm"
category, they are usually just simple scripted hacking tools.




IT wrote:
> Hi All,
> 
> I work for an ISP. Recently we had an issue with a customer's
> machine. The customer's system was running a site as
> http://x.x.x.x/amazon/amazon/index.html and we had mails coming from
> folks in other ISPs complaining about this IP address, saying
> there is a 'phish' site hosted on your network...
> 
> I did some googling and found that there are similar cases reported.
> I'm just trying to understand whether it is a worm/virus activity
> which plants a 'phish' site on the victim's machine or a hacker
> systematically compromising systems and putting webservers/spam mail
> server on the same?
> 
> Has anyone seen similar incidents or has any other info about this?
> 
> thnx
> 
> theetz.
> 

> ---------------------------- Da UnDeRgRoUnD HaCkInG 4RcE Of I.T. 

<jedi handwave>This is not a troll</jedi handwave>



--

-------------------
Johannes B. Ullrich, Ph.D
Chief Research Officer
SANS Institute
http://isc.sans.org

