Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Russ McRee (holisticinfosecgmail.com)
Date: Mon Feb 08 2010 - 14:27:14 CST
Directory traversal as a reconnaissance tool
Like most of you, I find malicious or fraudulent online advertisers
annoying to say the least.
My typical response, upon receipt of rogue AV pop-ups, or redirects to
clearly fraudulent sites, is to "closely scrutinize" the perpetrating
This effort often bears fruit as is evident in the following analysis.
My interest was recently peaked when being made aware of a number of
related sites committing abuse against a variety of brands; all quite
clearly in violation of copyrights and trademarks.
An example, for your consideration: messenger-download.info
After a little exploration it was quickly determined that these
cretins seek only to con victims out of credit card data with the
promise of illegal downloads for a fee.
Apparently these dbags have been at it for awhile.
They make it look like you're going to receive access to a legitimate
offering then they suck you in to freedownloadzone.com.
This, of course, pissed me off, so...off to the races.
A poke here, a tickle there, and voila.../etc/passwd...
GCIH, GPEN, GCFA, CISSP
Dailydave mailing list