Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [Full-Disclosure] Virus on web site
From: Nick FitzGerald (nickvirus-l.demon.co.uk)
Date: Tue Aug 02 2005 - 22:07:53 CDT
Peter B. Harvey wrote:
> An update the Virus is a HAXDOOR variant which is a backdoor.
> Symantec and Trend also now detect it.
And most other "major" AV engines -- about an hour before you posted, I
got this result from 22 virus scanners with different engines:
> The virus is spread by an iframe or link in an email asking to go to
> a compromised website. The latest site seen is:
> This opens up a two frame page with A hotmail look alike login screen
> which appears to be used to steal passport credentials to anyone
> foolish enough to enter them.
> The other frame is only a couple of pizels high at the top. This
> opens an IFRAME to
> This page looks like an advert for a samsung phone but contains two
> These emails will get past most content scanners as they are just an
> HTML email. SPAM engines might catch them.
> A new variant just came in and it appears to be just using the
> IFRAME at the top points to
All those sites are now returning "closed for maintenance" or "closed
for ToS abuse" style pages...
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/