[Dshield] Amazon phish site.

Gadi Evron ge at linuxbox.org
Mon Apr 24 11:50:01 GMT 2006


On Mon, 24 Apr 2006, Johannes B. Ullrich wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
> 
> A phish is typically set up using a well known web server vulnerability.
> At this point, many of them are set up by more or less "bottom feeders"
> as far as the overall hacking scene goes. Only a few of them are a bit
> more sophisticated. So you are likely looking at people who brute force
> passwords (e.g. a lot of the SSH / FTP server password scans you may
> see) or they use well known problems with phpbb/mambo and other software
> like that. While the tools are automated and may fall into the "worm"
> category, they are usually just simple scripted hacking tools.

Let's not forget SquirrelMail. :)

> 
> IT wrote:
> > Hi All,
> > 
> > I work for an ISP. Recently we had an issue with a customer's
> > machine. The customer's system was running a site as
> > http://x.x.x.x/amazon/amazon/index.html and we had mails coming from
> > folks in other ISP complaining about this IP address saying as there
> > is a 'phish' site hosted on your network...
> > 
> > I did some googling and found that there are similar cases reported.
> > I'm just trying to understand whether it is a worm/virus activity
> > which plants a 'phish' site on the victim's machine or a hacker
> > systematically compromising systems and putting webservers/spam mail
> > server on the same?
> > 
> > Has anyone seen similar incidents or has any other info about this?
> > 
> > thnx
> > 
> > theetz.
> > 
> 
> > ---------------------------- Da UnDeRgRoUnD HaCkInG 4RcE Of I.T. 
> 
> <jedi handwave>This is not a troll</jedi handwave>
> 
> 
> 
> - --
> 
> - -------------------
> Johannes B. Ullrich, Ph.D
> Chief Research Officer
> SANS Institute
> http://isc.sans.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFETLj3PNuXYcm/v/0RAzLWAJ9TazklPqvcFuSZchvbWE/3c9SClwCcDBpL
> j+3gU8OlRSSRGvE3ke72Yr8=
> =kbz1
> -----END PGP SIGNATURE-----