[Dshield] New York Newspaper hacked

Tom dshield at oitc.com
Sun Feb 26 18:39:08 GMT 2006


At 8:37 AM -0600 2/26/06, ptds at majordomo.thedacare.org wrote:
>Anyone know a human at the observer in New York?
>
>Someone has put an iframe exploit into the code inserted on each page.
>
>Don't go here:
>
>http://
>www.observer.com/ 20060227 / 20060227_Joe_Conason_opinions_conason.asp

All I see are iframes being used for ads as seen below. 
advertserve.com seems like a totally legit biz and I pulled some ads 
ant them are legit also. What made you think this is an exploit?

Tom

<!-- BEGIN ADVERTPRO CODE BLOCK -->
<SCRIPT language="JavaScript" type="text/javascript">
<!-- var bust = Math.floor(89999999*Math.random()+10000000); var 
millis = new Date().getTime(); document.writeln('<IFRAME 
src="http://observer.advertserve.com/advertpro/servlet/view/banner/html/zone?zid=60&pid=0&random='+bust+'&millis='+millis+'" 
height="90" width="728" hspace="0" vspace="0" frameborder="0" 
marginwidth="0" marginheight="0" scrolling="no">
'); document.writeln('<A 
href="http://observer.advertserve.com/advertpro/servlet/click/zone?zid=60&pid=0&lookup=true&random='+bust+'&millis='+millis+'" 
target="_top">
'); document.writeln('<IMG 
src="http://observer.advertserve.com/advertpro/servlet/view/banner/image/zone?zid=60&pid=0&random='+bust+'&millis='+millis+'" 
height="90" width="728" hspace="0" vspace="0" border="0" alt="Click 
Here!">
'); document.writeln('</A>
'); document.writeln('</IFRAME>
'); //-->
</SCRIPT>
<NOSCRIPT>
<IFRAME 
src="http://observer.advertserve.com/advertpro/servlet/view/banner/html/zone?zid=60&pid=0" 
height="90" width="728" hspace="0" vspace="0" frameborder="0" 
marginwidth="0" marginheight="0" scrolling="no">
<A 
href="http://observer.advertserve.com/advertpro/servlet/click/zone?zid=60&pid=0&lookup=true&position=1" 
target="_top">
<IMG 
src="http://observer.advertserve.com/advertpro/servlet/view/banner/image/zone?zid=60&pid=0&position=1" 
height="90" width="728" hspace="0" vspace="0" border="0" alt="Click 
Here!">
</A>
</IFRAME>
</NOSCRIPT>
<!-- END ADVERTPRO CODE BLOCK -->


    Domain Name: ADVERTSERVE.COM

    Administrative Contact
         Wade Wilkinson: renegade at renegadeinternet.com
         Renegade Internet
         350 Manley Rd.
         Hazel Green, AL 35750
         US
         Phone 256-828-8921
         Fax
    Technical Contact
         Wade Wilkinson: renegade at renegadeinternet.com
         Renegade Internet
         350 Manley Rd.
         Hazel Green, AL 35750
         US
         Phone 256-828-8921
         Fax
    Billing Contact
         Wade Wilkinson: renegade at renegadeinternet.com
         Renegade Internet
         350 Manley Rd.
         Hazel Green, AL 35750
         US
         Phone 256-828-8921
         Fax

    Record updated date: 2006-02-03 07:41:15
    Record created date: 2000-02-10
    Record expires on date: 2007-02-10
    Database last updated on: 2006-02-26 13:33:17 EST

    Domain servers in listed order:

    HOST.RENEGADEINTERNET.COM     64.65.42.116
    HOST2.RENEGADEINTERNET.COM    69.0.137.154


-- 

Tom Shaw - Chief Engineer, OITC
<tshaw at oitc.com>, http://www.oitc.com/
US Phone Numbers: 321-984-3714, 321-729-6258(fax), 
321-258-2475(cell/voice mail,pager)
Text Paging: http://www.oitc.com/Pager/sendmessage.html
AIM/iChat: trshaw at mac.com
Google Talk: trshaw at gmail.com
skype: trshaw


More information about the list mailing list