[Dshield] Amazon phish site.
ge at linuxbox.org
Mon Apr 24 11:50:01 GMT 2006
On Mon, 24 Apr 2006, Johannes B. Ullrich wrote:
> A phish is typically set up using a well-known web server vulnerability.
> At this point, many of them are set up by more or less "bottom feeders"
> as far as the overall hacking scene goes. Only a few of them are a bit
> more sophisticated. So you are likely looking at people who brute force
> passwords (e.g. a lot of the SSH / FTP server password scans you may
> see) or they use well-known problems with phpbb/mambo and other software
> like that. While the tools are automated and may fall into the "worm"
> category, they are usually just simple scripted hacking tools.
Let's not forget SquirrelMail. :)
> IT wrote:
> > Hi All,
> > I work for an ISP. Recently we had an issue with a customer's
> > machine. The customer's system was running a site as
> > http://x.x.x.x/amazon/amazon/index.html and we had mails coming from
> > folks in other ISPs complaining about this IP address saying that there
> > is a 'phish' site hosted on your network...
> > I did some googling and found that there are similar cases reported.
> > I'm just trying to understand whether it is a worm/virus activity
> > which plants a 'phish' site on the victim's machine or a hacker
> > systematically compromising systems and putting webservers/spam mail
> > server on the same?
> > Has anyone seen similar incidents or has any other info about this?
> > thnx
> > theetz.
> > ---------------------------- Da UnDeRgRoUnD HaCkInG 4RcE Of I.T.
> <jedi handwave>This is not a troll</jedi handwave>
> > _________________________________________ Learn about Intrusion
> > Detection in Depth from the comfort of your own couch:
> > https://www.sans.org/athome/details.php?id=1341&d=1
> > _______________________________________________ send all posts to
> > list at lists.dshield.org To change your subscription options (or
> > unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
> - --
> - -------------------
> Johannes B. Ullrich, Ph.D
> Chief Research Officer
> SANS Institute