Full Disclosure: browser hijack by apache sites

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

browser hijack by apache sites

From: Feher Tamas <etomcat () freemail hu>
Date: Mon, 24 May 2004 14:46:46 +0200 (CEST)

Hello,

http://www.b00gle.com/fa/?d=get


Starting from here, the usual combination of unpatched IE and plain 
user will quickly receive a nice set of malware automatically:
Small.gl, Istbar.dw, Java_Classloader, Java_OpenStream, etc.

The end station is probably Gator, CoolWeb, a spam proxy or 
something even nastier.

http://www.pizdato.biz/acc1/exploit.exe


"This file works "normally", installs itself and creates a startup key in 
the Registry. It can download files from Internet. Could be classified as 
a new TrojanDownloader malware"

Sincerely: Tamas Feher.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

browser hijack by apache sites Filbert (May 23)
- <Possible follow-ups>
- Re: browser hijack by apache sites D B (May 23)
- Re:browser hijack by apache sites Ian Latter (May 23)
- browser hijack by apache sites Feher Tamas (May 24)
  - Re: browser hijack by apache sites Filbert (May 24)
  - Re: browser hijack by apache sites Matthijs Dalhuijsen (May 25)